5398b966d6e50cc4c6d65103b598ae50b153c02c77cc972db2baf8c2963b8403 | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 05:25

Sharing

Report Analysis Logs

General

Target

035b74045671c0de8a5ca44c5aa6b0f2.dll
Size

6KB
MD5

035b74045671c0de8a5ca44c5aa6b0f2
SHA1

6df5f2bf86f01260616b1c322c1cb19cc19c58fe
SHA256

5398b966d6e50cc4c6d65103b598ae50b153c02c77cc972db2baf8c2963b8403
SHA512

05cc4cbb6358c70fb3bb901690eba8707b32f19d862e6c7efa123ee0aade1a6d1aa0729f42120eb8c67580ed8811b25d079a3b008e3858f281f6872c1b00709e
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0AB+BDq9J5SH:VDa9VUX9bQWgB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 2204	4628	rundll32.exe	84
PID 4628 wrote to memory of 2204	4628	rundll32.exe	84
PID 4628 wrote to memory of 2204	4628	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\035b74045671c0de8a5ca44c5aa6b0f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\035b74045671c0de8a5ca44c5aa6b0f2.dll,#1
  2⤵
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads