7362153fecb9a0aa2798b700689860d4172f0ce85914837f0e4044eebe0d9eae | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 17:31

Sharing

Report Analysis Logs

General

Target

b7f89c884136a5f23401123b0596b18b.dll
Size

74KB
MD5

b7f89c884136a5f23401123b0596b18b
SHA1

ebc8d57439b1eff396ff6b0baba5db5106c3a98b
SHA256

7362153fecb9a0aa2798b700689860d4172f0ce85914837f0e4044eebe0d9eae
SHA512

69de1d60ec7922276584a89a409e0dda77b088a78a07fadaf91e3f838975fe94b040f2ea97d78d14a1bbb8fdb83d4cb1b3dfc472a59ef03d5bc160cf66493d91
SSDEEP

1536:qG7BCHF1TzB8kaVsxDwPA7xt2kbQOnjDbMIyQ8wKd:qG7Ml1/BbVW41XnrhH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 3524	212	rundll32.exe	88
PID 212 wrote to memory of 3524	212	rundll32.exe	88
PID 212 wrote to memory of 3524	212	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7f89c884136a5f23401123b0596b18b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7f89c884136a5f23401123b0596b18b.dll,#1
  2⤵
  PID:3524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3524-0-0x0000000003A60000-0x0000000003AAB000-memory.dmp

Filesize
300KB

Download