ec518c68e3ec99fc9c45c7f54464f0486e3faaf39078b0bd9cfab04d8e500c14 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 09:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b462e2db81cb856aa2a3e0a15a850bdc.dll
Size

14KB
MD5

b462e2db81cb856aa2a3e0a15a850bdc
SHA1

02c760d8f3f9bc5914a664a14d935169c9a4f653
SHA256

ec518c68e3ec99fc9c45c7f54464f0486e3faaf39078b0bd9cfab04d8e500c14
SHA512

88295969543e25963acf49440653f9202c82e8c8ce1c582b7890cfb35472ac000142bdccc92120f92c5aaa10b367933a028bc740f71de187fff5ea36c47ae09e
SSDEEP

384:DoGwmrynHjyapFDlhuC6OlugdjeEgNmWjdL5:DvwXzIEYzp5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3300	3984	rundll32.exe	89
PID 3984 wrote to memory of 3300	3984	rundll32.exe	89
PID 3984 wrote to memory of 3300	3984	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b462e2db81cb856aa2a3e0a15a850bdc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b462e2db81cb856aa2a3e0a15a850bdc.dll,#1
  2⤵
  PID:3300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads