f4912cbb87499a3a04cd9742fdbb99178e77d33351da26a19920de4395bc0eff | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 04:02

Sharing

Report Analysis Logs

General

Target

a0e5688936633e6565f7f84d92174952.dll
Size

116KB
MD5

a0e5688936633e6565f7f84d92174952
SHA1

b462f24720d460f40ac97bab6929431057cf8f49
SHA256

f4912cbb87499a3a04cd9742fdbb99178e77d33351da26a19920de4395bc0eff
SHA512

b73f78494b28fe2725633bef7c0b22f6430ffc5c804f3ea349a4f157a947958e02b8f3663b0f11cc078d0422618d41bf4e8cc0e1f7305342103c06391e6f0def
SSDEEP

3072:j+ermb2zHlfaOrWzwuTfmJxstAZnFTCfxwDj+B:jvr33/mtOnFTrjI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 1396	4988	rundll32.exe	85
PID 4988 wrote to memory of 1396	4988	rundll32.exe	85
PID 4988 wrote to memory of 1396	4988	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0e5688936633e6565f7f84d92174952.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0e5688936633e6565f7f84d92174952.dll,#1
  2⤵
  PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-0-0x0000000001140000-0x000000000114B000-memory.dmp

Filesize
44KB

Download
memory/1396-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/1396-7-0x0000000001140000-0x000000000114B000-memory.dmp

Filesize
44KB

Download