0a6f6657bd20ef3e312a94c1416692d53cc87ded2d444c32c3d314088f3953ed | Triage

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 22:55

Sharing

Report Analysis Logs

General

Target

824ec8f61e0ada9b73b532597ba277ea.dll
Size

7KB
MD5

824ec8f61e0ada9b73b532597ba277ea
SHA1

8813def6c148f79865be03aabe21cbd5e954e35d
SHA256

0a6f6657bd20ef3e312a94c1416692d53cc87ded2d444c32c3d314088f3953ed
SHA512

a5afe7b95f8f6c774d184e31df555c22efee8c01b18ff04d5b1089f02cc1c24528fcfed0659a9603ad452b8002b08b7cac923927eb5910f1686294a6d8b64d65
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPUd3cX5aXW:wUaJf/aFbP0OX2JaX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 3628	5104	rundll32.exe	86
PID 5104 wrote to memory of 3628	5104	rundll32.exe	86
PID 5104 wrote to memory of 3628	5104	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\824ec8f61e0ada9b73b532597ba277ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\824ec8f61e0ada9b73b532597ba277ea.dll,#1
  2⤵
  PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads