c626b9526cc8c3f7d2d7b543510a114b6aa945ca7cf71e7c8f29e8174bfc38e2 | Triage

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db4a843afb18b0894e9c2cbcc207e694.dll
Size

3KB
MD5

db4a843afb18b0894e9c2cbcc207e694
SHA1

4214edca2600273ff19673ed11c50d3f6bb26fdb
SHA256

c626b9526cc8c3f7d2d7b543510a114b6aa945ca7cf71e7c8f29e8174bfc38e2
SHA512

b3d6537e5a7eb4a4196ca2e46cc6ee1e09fdbb0163c1e375546fdb3912f11d2e52f5752e994cd9128ccb0c0eb8920ff21eb1998aca96a2c3890f4fbf4ff4f1f1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 1696	2636	rundll32.exe	84
PID 2636 wrote to memory of 1696	2636	rundll32.exe	84
PID 2636 wrote to memory of 1696	2636	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4a843afb18b0894e9c2cbcc207e694.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4a843afb18b0894e9c2cbcc207e694.dll,#1
  2⤵
  PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads