f1f1bdbdc9f206d262d067869bee7bed0b467281906c55ec3cc3298808697d89 | Triage

Analysis

max time kernel
18s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 13:11

Sharing

Report Analysis Logs

General

Target

Project4.dll
Size

123KB
MD5

8c3828ff057a9b0cbe1796c0059c19bc
SHA1

f04fc763b2ad00334f5e98dc68484be7a920f5f4
SHA256

f1f1bdbdc9f206d262d067869bee7bed0b467281906c55ec3cc3298808697d89
SHA512

443c2b75e90c9055b9f8fb17bb8fec01befbe031bbd89e81bc7c0e376af38a1d6c91f2bdf3d7815397d3b21ecc7591120a25c457cefe97abcd3384a6dcc102c2
SSDEEP

3072:Jj/+pGsDnRrE6Nvc9Vno0KAa7sUv+EXUJ/XffL:J6brE669dO789vfL

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3952	rundll32.exe
3952	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 3952	2568	rundll32.exe	88
PID 2568 wrote to memory of 3952	2568	rundll32.exe	88
PID 2568 wrote to memory of 3952	2568	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Project4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Project4.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3952-0-0x0000000076350000-0x0000000076440000-memory.dmp

Filesize
960KB

Download