a096845d6c5f7ca8a131768cbe86b57fb70c39612110ad819617117e9b08a1ae | Triage

Analysis

max time kernel
155s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 00:17

Sharing

Report Analysis Logs

General

Target

System.Console.dll
Size

162KB
MD5

4dfdf7bfd889a6e2f167a2185f83fe18
SHA1

55b880a7317ed78e10876fbdd1f22edc14230668
SHA256

22089908983d33c7a893ccbe897ccb24e51f14c9e2fb98eb9d584ea249354c01
SHA512

bccd31bbfa75aa5675fe68c8a0501d1b62dd8ada4cb87ca0fbfa90e280ee975d6e5898381d2643e6f6a46ccb85da3b493ecee820317959ab01ce3226fde9d75d
SSDEEP

3072:SgCEfXcSzfK05n32LqVbn4NYtV/7eLfua/1URUxQr7+1uGXQTY7ucp9wwD:lXZSq/VRVg1ATisGucj/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2256	2812	rundll32.exe	92
PID 2812 wrote to memory of 2256	2812	rundll32.exe	92
PID 2812 wrote to memory of 2256	2812	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Console.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Console.dll,#1
  2⤵
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads