a66480afb69847e9126074b113fe9d5f7c92e22daf10441493a34b901cabec2a | Triage

Analysis

max time kernel
134s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 22:38

Sharing

Report Analysis Logs

General

Target

56326f08ed757e51d63af8af3ccdeb0c.dll
Size

80KB
MD5

56326f08ed757e51d63af8af3ccdeb0c
SHA1

fbce72fc7615da0cd9d7cd9bfdd0d59b70841e91
SHA256

a66480afb69847e9126074b113fe9d5f7c92e22daf10441493a34b901cabec2a
SHA512

8ad98bb6664edb4e115a4eeac56e12c24bd8f394ba8c25e8666cd64b9c6103cc1b3d7ed43862e48ab17592040fd53d4a9721fae6b7077a820a34599457cf0a9a
SSDEEP

768:8qoWGGuoT2L28sht/RAXY5cO5RkBM7XOoF0e92DU95:KWyg2q1ht7kBxoyqH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 3244	4012	rundll32.exe	85
PID 4012 wrote to memory of 3244	4012	rundll32.exe	85
PID 4012 wrote to memory of 3244	4012	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56326f08ed757e51d63af8af3ccdeb0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\56326f08ed757e51d63af8af3ccdeb0c.dll,#1
  2⤵
  PID:3244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads