f2f43ac60c0bc21a75395561163cd50dd79a5aa007dc4b24ffd4885b0fb1ef5a | Triage

Analysis

max time kernel
92s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 04:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f2f43ac60c0bc21a75395561163cd50dd79a5aa007dc4b24ffd4885b0fb1ef5a.dll
Size

3KB
MD5

9d48f7c6d233c4d87131b3f97bb4280e
SHA1

37edc59b9176b8d55cf3946fdbf20765cd32f885
SHA256

f2f43ac60c0bc21a75395561163cd50dd79a5aa007dc4b24ffd4885b0fb1ef5a
SHA512

16086ef1fd18c0ac19baf1a48d932fbe9f4fa9da1d1fd92808ace19225fe093c9eddf13e7a46d8728706e51a3ccf0e8375fbae32b2e4359f501f1856089eb97f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 4664	4780	rundll32.exe	84
PID 4780 wrote to memory of 4664	4780	rundll32.exe	84
PID 4780 wrote to memory of 4664	4780	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f43ac60c0bc21a75395561163cd50dd79a5aa007dc4b24ffd4885b0fb1ef5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f43ac60c0bc21a75395561163cd50dd79a5aa007dc4b24ffd4885b0fb1ef5a.dll,#1
  2⤵
  PID:4664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads