2b3383c1b490857539542cf9655081f517f8fe8d34f668dfc0b6458b009f4388 | Triage

Analysis

max time kernel
92s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e1c9426d560c9aaca34ffd9b61d5bedc.dll
Size

7KB
MD5

e1c9426d560c9aaca34ffd9b61d5bedc
SHA1

37ed032a4d088e3746bb6b3be998746774c3b005
SHA256

2b3383c1b490857539542cf9655081f517f8fe8d34f668dfc0b6458b009f4388
SHA512

3f1c8e4d1c7f6d0d1893cc018b9477360576fb17516fcbca1d24ba7fd5a4b60d86a7cef33f70ae6922fb5b993e2c6905a05d81ac7a76602b1a18610a2de86ea3
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPCd3cX5aXW:wUaJf/aFbP0Ot2JaX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 684	4756	rundll32.exe	85
PID 4756 wrote to memory of 684	4756	rundll32.exe	85
PID 4756 wrote to memory of 684	4756	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1c9426d560c9aaca34ffd9b61d5bedc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1c9426d560c9aaca34ffd9b61d5bedc.dll,#1
  2⤵
  PID:684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads