6adfe3d9c629dc7a4fdb1a6f8489ac22c9e32533a1e61a00f5e6f9f59b9192d2 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 22:40

Sharing

Report Analysis Logs

General

Target

5a32e1e668303123c1fd48e8de7caaf6.dll
Size

6KB
MD5

5a32e1e668303123c1fd48e8de7caaf6
SHA1

82beeede967e83007fe23102fca3adc9bb4d05ed
SHA256

6adfe3d9c629dc7a4fdb1a6f8489ac22c9e32533a1e61a00f5e6f9f59b9192d2
SHA512

da2b12656508c8b48be00a77a10ad565156f51c6766d23d94d363641938d47396003f3e460d0c99f4dbceead3f359d14968518474e2d6e7096160bf50f91b623
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0pB+BDq9J5SH:VDa9VUX9bQWJB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 776	2152	rundll32.exe	85
PID 2152 wrote to memory of 776	2152	rundll32.exe	85
PID 2152 wrote to memory of 776	2152	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a32e1e668303123c1fd48e8de7caaf6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a32e1e668303123c1fd48e8de7caaf6.dll,#1
  2⤵
  PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads