bc5acbe8633ad16decab2f7cc71852f3bf835038c4923c4aac6ef8c325bb9436 | Triage

Analysis

max time kernel
166s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 20:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bcb9bdcae2dd4706aa9210ec12c1a0d3.dll
Size

4KB
MD5

bcb9bdcae2dd4706aa9210ec12c1a0d3
SHA1

0766e5dc3186a419d2f89d2a5b415b4c228936c6
SHA256

bc5acbe8633ad16decab2f7cc71852f3bf835038c4923c4aac6ef8c325bb9436
SHA512

45739b8bd9348b0345d87f8880669e927a700b1a5326524a6480648866bd4e3c777087c8b586849a42796b3c070a2bbe06b12aefcb63ef54594efd1ec507bf9f
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJtldFMWfyFElUu9:MTWnRZ0lJ/dFMWqFfk

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 3308	4196	rundll32.exe	88
PID 4196 wrote to memory of 3308	4196	rundll32.exe	88
PID 4196 wrote to memory of 3308	4196	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb9bdcae2dd4706aa9210ec12c1a0d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb9bdcae2dd4706aa9210ec12c1a0d3.dll,#1
  2⤵
  PID:3308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads