a9f6f4e582dbd35d8f1d3686d8037747d9d96ad39882303555febba47322bc33 | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 11:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdfeb0a3b79f2f258ae5fea7400e74c8.dll
Size

6KB
MD5

cdfeb0a3b79f2f258ae5fea7400e74c8
SHA1

8ce1d215d4c513aeb34fe6f80651e2b47b35b922
SHA256

a9f6f4e582dbd35d8f1d3686d8037747d9d96ad39882303555febba47322bc33
SHA512

aeb610483a92be01259b08cdcfecab7b5883d6018f0580ea12ce276e03aef63fb3a8479e8ae6ca8aa2a0c1e93106bc6ad0f287062154a8a250a99af9f4c03eda
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU100B+BDq9J5SV3DY:CSVVEPozmB72B+FqX5S1D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 3076	4968	rundll32.exe	87
PID 4968 wrote to memory of 3076	4968	rundll32.exe	87
PID 4968 wrote to memory of 3076	4968	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cdfeb0a3b79f2f258ae5fea7400e74c8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cdfeb0a3b79f2f258ae5fea7400e74c8.dll,#1
  2⤵
  PID:3076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads