acf612ff01402f05cf303c8e3ef241735b229a29b5a94e6732620cd6862554d6 | Triage

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 00:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acf612ff01402f05cf303c8e3ef241735b229a29b5a94e6732620cd6862554d6.dll
Size

3KB
MD5

0fcaf056e3059eb69e9ae0c48fb05717
SHA1

92c55a970993d2af83de9cac85c30819c49d6a80
SHA256

acf612ff01402f05cf303c8e3ef241735b229a29b5a94e6732620cd6862554d6
SHA512

b59764ac8fd04f3a334acbd97b5718780f4b3ef0db503d0a49f588b84703bd46e294b83edd04d02430f42c1b86bd0c13bb5ee41929d94567cc3f11a708b47bbb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 2040	5100	rundll32.exe	86
PID 5100 wrote to memory of 2040	5100	rundll32.exe	86
PID 5100 wrote to memory of 2040	5100	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\acf612ff01402f05cf303c8e3ef241735b229a29b5a94e6732620cd6862554d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\acf612ff01402f05cf303c8e3ef241735b229a29b5a94e6732620cd6862554d6.dll,#1
  2⤵
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads