097c41f908a01aeaafd8d7a8301406d9abcf6c06d9f490912814aba73da1250e | Triage

Analysis

max time kernel
147s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4e7f015f06c77a85e1c353184641f9b.dll
Size

6KB
MD5

a4e7f015f06c77a85e1c353184641f9b
SHA1

a97d5bfa7e0903ca768b88a90c2ad1961b208953
SHA256

097c41f908a01aeaafd8d7a8301406d9abcf6c06d9f490912814aba73da1250e
SHA512

b4f49a17b38cc8d415d55e9857e9edf0b2b56deaa74b7e42deb5db65428f34f053f97ba8697d5f7d007fd131132add5242e2d72fbc9bd5f3ee6e7d74f3a6e7da
SSDEEP

48:63mll5YVOa9VUX1iwbQWu06B+BDq9J5SH:VDa9VUX9bQWaB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4364	4580	rundll32.exe	85
PID 4580 wrote to memory of 4364	4580	rundll32.exe	85
PID 4580 wrote to memory of 4364	4580	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4e7f015f06c77a85e1c353184641f9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4e7f015f06c77a85e1c353184641f9b.dll,#1
  2⤵
  PID:4364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads