2617aa6863eb5a16fab52194bb94a7f2bdba1dbd2ac3ac7ab11d437a8a115957 | Triage

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 21:50

Sharing

Report Analysis Logs

General

Target

26aaa89d1d254ee7e1d4b0f79dee41f7.dll
Size

6KB
MD5

26aaa89d1d254ee7e1d4b0f79dee41f7
SHA1

fe0c5b94d149dd4711af0d5aeb1ce9e3d0e28cd7
SHA256

2617aa6863eb5a16fab52194bb94a7f2bdba1dbd2ac3ac7ab11d437a8a115957
SHA512

4cbea3355f6ed973cb8a1ad7ef5138bd4318ecfe2a603aa913510b3061aef498a75eadfb3e5c03db1f8bf46b4fd585b7e72ce5d0859cddae3c526d21037f2dff
SSDEEP

48:6WQV5YVOqtV0H1pw9ygYVUG0U2cB+BDq9J5SC:8qtV0HAr4wcB+FqX5SC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 4200	2312	rundll32.exe	84
PID 2312 wrote to memory of 4200	2312	rundll32.exe	84
PID 2312 wrote to memory of 4200	2312	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26aaa89d1d254ee7e1d4b0f79dee41f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26aaa89d1d254ee7e1d4b0f79dee41f7.dll,#1
  2⤵
  PID:4200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads