5a9c89f260f7f6c4d65fb64507d540f066cdb95eee0f51477c96c2dcca677e60 | Triage

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 02:19

Sharing

Report Analysis Logs

General

Target

c235bff9a3f2b871a80e3b0f375a197c.dll
Size

57KB
MD5

c235bff9a3f2b871a80e3b0f375a197c
SHA1

5d64344df954f85faddf1f0015abb338a8201d3f
SHA256

5a9c89f260f7f6c4d65fb64507d540f066cdb95eee0f51477c96c2dcca677e60
SHA512

831b4e589b8c0e1bfa76ba2036617d90446f98d2d3898448a6a787d3bcb95bc07c97b177b3012beae3065f1194446869eef9884e5afe1333660c42eb31fb33b3
SSDEEP

1536:FNIKDP4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:wqP4YU6ErtGNEKIpCT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3912	2340	rundll32.exe	88
PID 2340 wrote to memory of 3912	2340	rundll32.exe	88
PID 2340 wrote to memory of 3912	2340	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c235bff9a3f2b871a80e3b0f375a197c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c235bff9a3f2b871a80e3b0f375a197c.dll,#1
  2⤵
  PID:3912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3912-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download