f00e637957d8e5206c91269b70e9e5ca9f3abcb9248e7108ec8b1ec4d9db925c | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 03:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ca597a135a831972f4edfb1c03bc32cd.dll
Size

10KB
MD5

ca597a135a831972f4edfb1c03bc32cd
SHA1

7e1c0463e7350774c82296c2f17c0d70b9acdd3e
SHA256

f00e637957d8e5206c91269b70e9e5ca9f3abcb9248e7108ec8b1ec4d9db925c
SHA512

b0c015aff59b00760816d17e600e286034502090991ec6b49c08b5739103498e67295c0690a4049a6b024435ab0612a74390aa39bbb667018954f0d7505a7728
SSDEEP

192:niDstAH6076ut7KNTNGI7Ojc+kPBomYYx/:ttqetTcTT2BomYYB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2528	2796	rundll32.exe	90
PID 2796 wrote to memory of 2528	2796	rundll32.exe	90
PID 2796 wrote to memory of 2528	2796	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca597a135a831972f4edfb1c03bc32cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca597a135a831972f4edfb1c03bc32cd.dll,#1
  2⤵
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads