92568303c5f9880d3c36c8f1e25516f1d51809598394fcc3b39f3cf36afd03d5 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-03-2024 08:35

Sharing

Report Analysis Logs

General

Target

de-DE.dll
Size

267KB
MD5

75d2c686d410ec1f880a6fd7a9800055
SHA1

c5fa1dc0a76bed67f1a1a9bc943b39ef6e4ed104
SHA256

8e2429d70989bbdd2ea8842dce7c3d790ebe148490ee519b47767557f4a4a733
SHA512

a05115d2eaed22ac685b0e45751650bd58f6d4f46c6fb2ba8fb564b1a959ea27ac209e1d1c53e4c966ee8d0e502af7ab9e3ccb311b66d704160141b12edac2c5
SSDEEP

6144:nXqP6z+NDh73TqeTM30P6gVN3WAO6XlL1v:nXqPXRh73TqKmSR1v

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 212 wrote to memory of 5020	212	rundll32.exe	rundll32.exe
PID 212 wrote to memory of 5020	212	rundll32.exe	rundll32.exe
PID 212 wrote to memory of 5020	212	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de-DE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de-DE.dll,#1
2⤵
PID:5020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...