e1f7f87d61b9102ea83d436fa6e18bd5144f96b1c996651997fc3e5d851a9b7b | Triage

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 12:39

Sharing

Report Analysis Logs

General

Target

abe5e7742f544bce61c698a5f7f42302.dll
Size

43KB
MD5

abe5e7742f544bce61c698a5f7f42302
SHA1

e865c450aa8d83acdbd94fcb9e1873e3b3f52923
SHA256

e1f7f87d61b9102ea83d436fa6e18bd5144f96b1c996651997fc3e5d851a9b7b
SHA512

cf56136f7f44b4e6e7b8eaf8ac8af8344ed1630711f797c6b355d93ab192fbf1e7af1b5d3791a8d4dfbf810a6d9b3a068d40f9bae8c395994c20081e1438cb48
SSDEEP

768:mC4qfQw1iOZXxuLAIfA5l7gbhgEaGGc5dV1w8gXK:h4qfQwFXxuLAIElVGGc5N5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 2408	4688	rundll32.exe	93
PID 4688 wrote to memory of 2408	4688	rundll32.exe	93
PID 4688 wrote to memory of 2408	4688	rundll32.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abe5e7742f544bce61c698a5f7f42302.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abe5e7742f544bce61c698a5f7f42302.dll,#1
  2⤵
  PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4124 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2408-0-0x00000000004D0000-0x00000000004E0000-memory.dmp

Filesize
64KB

Download