b13c6382d7352aec56980f072d97c0e09ef443f1b7383e3dd6762260e671fe02 | Triage

Analysis

max time kernel
448s
max time network
451s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 12:21

Sharing

Report Analysis Logs

General

Target

E85429C854299A78/version.dll
Size

987KB
MD5

b9e2656b72ad923f231d12876a8a5640
SHA1

e7da8cd7c76c4d333a912b574ebce447a972e7c6
SHA256

07d03f080a1f318b5125f5551a700ad209825907cce291b2c241b49b17d502ac
SHA512

73029b3299dcbe03bbf70fea2e77cf3b770728e0b52ead951dfa6e83dda30f3dfe5d97b36f8694af6ddf40bddf4f3e349a69af694055482cb8e928d1471e88f9
SSDEEP

12288:9mzy52sk14W7fnumkiipuuDx6h0QrH6s6iEN6GGvulmc3Mk:qsk14W7dP7H6s6iEMr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1568	2032	rundll32.exe	85
PID 2032 wrote to memory of 1568	2032	rundll32.exe	85
PID 2032 wrote to memory of 1568	2032	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\version.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\version.dll,#1
  2⤵
  PID:1568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads