12187ca5f62f2e59a9cae1dc964ca1837f319cef39a7b992796f423e5013edf5 | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 05:15

Sharing

Report Analysis Logs

General

Target

cd337f780e271c924b0bb86b98c50a50.dll
Size

118KB
MD5

cd337f780e271c924b0bb86b98c50a50
SHA1

d87bf253da72d908405f7c8527089f29ccca78bd
SHA256

12187ca5f62f2e59a9cae1dc964ca1837f319cef39a7b992796f423e5013edf5
SHA512

a45eca1d2bf56b8cf9f18cbc9e85f724d92e100112a17ec1cc41fc2898cc9cdf2343996e825c92d8e253eca5bc891aadba45da19586aedd9c09e09501c7e8a29
SSDEEP

3072:xEPq9YMLkV0p4b8+dFcLvQRsaMVGIiToJs5xiCi:aS2Ck6p4N6raLL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3172	1364	rundll32.exe	84
PID 1364 wrote to memory of 3172	1364	rundll32.exe	84
PID 1364 wrote to memory of 3172	1364	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd337f780e271c924b0bb86b98c50a50.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd337f780e271c924b0bb86b98c50a50.dll,#1
  2⤵
  PID:3172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3172-0-0x0000000000B00000-0x0000000000B21000-memory.dmp

Filesize
132KB

Download