2c0a2c341e32452faf8553ce237aa8a788b01416a7604b342a6f80d1a7288f25 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 17:55

Sharing

Report Analysis Logs

General

Target

d4256ba7cbe5051b22d26ca160439684.dll
Size

28KB
MD5

d4256ba7cbe5051b22d26ca160439684
SHA1

addb7432335caa0acf53fc1c6950780fa9bbeb4a
SHA256

2c0a2c341e32452faf8553ce237aa8a788b01416a7604b342a6f80d1a7288f25
SHA512

d6afb73a24e76f454cd8eefef67077999b3900bd154c03bdd85a4359eafa9c790615d6ff9bc8679322b4d6f5216f4e6a8b7a64f6a71189b5834243713933580c
SSDEEP

384:ritPcgFoXnvc821HsP+w+oXUHAKwDxiqh:rit0gC3vc8ushkHAKwfh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 2036	4048	rundll32.exe	94
PID 4048 wrote to memory of 2036	4048	rundll32.exe	94
PID 4048 wrote to memory of 2036	4048	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4256ba7cbe5051b22d26ca160439684.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4256ba7cbe5051b22d26ca160439684.dll,#1
  2⤵
  PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads