321f274b9fef4646fc12889fae6cc166546940df0529e6f8406d9a8faf3ab37c | Triage

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 14:43

Sharing

Report Analysis Logs

General

Target

e1eb163a04fd807898fdaadd6065cf28.dll
Size

19KB
MD5

e1eb163a04fd807898fdaadd6065cf28
SHA1

094150173a4e9669135bc596720c0bb8c3f35ed5
SHA256

321f274b9fef4646fc12889fae6cc166546940df0529e6f8406d9a8faf3ab37c
SHA512

647826caf0bc23ff6d4e8551077fc4957f0612a495f44bccd8993d792640c30ff1d5e8c5c2827505622f4fc9f3e91239d54fc77291201c18ce4849b0bd966edf
SSDEEP

384:dlv4YiKEjcYXmmDP5Eiz4cs9ORqR6RhRKR9+R++RyRT:7ATKEjNxbkcxwkXAuVo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 180 wrote to memory of 692	180	rundll32.exe	94
PID 180 wrote to memory of 692	180	rundll32.exe	94
PID 180 wrote to memory of 692	180	rundll32.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1eb163a04fd807898fdaadd6065cf28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1eb163a04fd807898fdaadd6065cf28.dll,#1
  2⤵
  PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4112 --field-trial-handle=2536,i,8161505972217706694,705854963991409854,262144 --variations-seed-version /prefetch:8
1⤵
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads