436774a1ba8ae9edbb799c075b6898b846d0eeba18fdd8dbe39f21f55c274977 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 10:24

Sharing

Report Analysis Logs

General

Target

c5a23fea87ce848578cb502e6d9bd97d.dll
Size

35KB
MD5

c5a23fea87ce848578cb502e6d9bd97d
SHA1

3d4c4348442793897bb1f68969559824ab2ddf55
SHA256

436774a1ba8ae9edbb799c075b6898b846d0eeba18fdd8dbe39f21f55c274977
SHA512

7f24526da967495aadcff14c2e81daaa02ead1af87fa908a74bd6c49367f26ae8e1c74645acd74db97fffdad0b095ca6b6c13e3750c1f8cfd3b56c0a89b75180
SSDEEP

768:09PfliOVSxNjjSGdvj7CQtK8LA/L/CODb6iRsB5:0hliSSSG97CGK8LA/2O6iRs7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 2980	3936	rundll32.exe	89
PID 3936 wrote to memory of 2980	3936	rundll32.exe	89
PID 3936 wrote to memory of 2980	3936	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5a23fea87ce848578cb502e6d9bd97d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c5a23fea87ce848578cb502e6d9bd97d.dll,#1
  2⤵
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads