f481545ee6a68b85f770bee782066db521a7dfa25bd55b5e3c2a164261fe5911 | Triage

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 22:59

Sharing

Report Analysis Logs

General

Target

8e14e70c74291997deb9583f9234661e.dll
Size

6KB
MD5

8e14e70c74291997deb9583f9234661e
SHA1

d00dfafa23b22fbe7c40eef9429d2965fb444799
SHA256

f481545ee6a68b85f770bee782066db521a7dfa25bd55b5e3c2a164261fe5911
SHA512

479344e0d2b077e55ca5b5ef20f271b2cac7aa4324b0135ce5a4c1b38a10aa4cc22bfae482bcfb84d91599616916ba59394465212f5047e214b4459159d84eaa
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0RB+BDq9J5SH:VDa9VUX9bQWxB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 1476	1648	rundll32.exe	92
PID 1648 wrote to memory of 1476	1648	rundll32.exe	92
PID 1648 wrote to memory of 1476	1648	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e14e70c74291997deb9583f9234661e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e14e70c74291997deb9583f9234661e.dll,#1
  2⤵
  PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3540 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads