ab427411b41a0a642c93ba4c2962abb816fcf9ec612f391846baa50cd3070ce8 | Triage

Analysis

max time kernel
139s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d4de087c9646c4566bb3c1b8fb75d973.dll
Size

6KB
MD5

d4de087c9646c4566bb3c1b8fb75d973
SHA1

1f04bbd009eb81b09e4b30e2d923d5a49f15cde3
SHA256

ab427411b41a0a642c93ba4c2962abb816fcf9ec612f391846baa50cd3070ce8
SHA512

838a2126273b1091bc502df70c3ee8d97bd1ad0800a8cad46a4dfdb752ed2027505985b6509317860d771d36bec04f72097a41b2d8734dbdc7e37bf8cbe4db8c
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU10VB+BDq9J5SV3DY:CSVVEPozmB7HB+FqX5S1D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 4540	1944	rundll32.exe	85
PID 1944 wrote to memory of 4540	1944	rundll32.exe	85
PID 1944 wrote to memory of 4540	1944	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4de087c9646c4566bb3c1b8fb75d973.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d4de087c9646c4566bb3c1b8fb75d973.dll,#1
  2⤵
  PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads