64d3397191dc0c52eb7da2eb95d4baec144c2ec676ff8ca766afc2c70890e26d | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 05:35

Sharing

Report Analysis Logs

General

Target

0fc666036827ae8fd73e2eb741b4a3bd.dll
Size

6KB
MD5

0fc666036827ae8fd73e2eb741b4a3bd
SHA1

f40b29ea80ed1d494e02c12b0a1aaf818e3a0acf
SHA256

64d3397191dc0c52eb7da2eb95d4baec144c2ec676ff8ca766afc2c70890e26d
SHA512

924431833452d34f8f23fc6ab93685e79fe28c34316587e21e02235094d1be637d0ce502c0a6a878c4eadaaa70bb1b3b98cfcd69540bb597d809f7e7d3fbba13
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0vB+BDq9J5SH:VDa9VUX9bQWPB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4256	4220	rundll32.exe	85
PID 4220 wrote to memory of 4256	4220	rundll32.exe	85
PID 4220 wrote to memory of 4256	4220	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc666036827ae8fd73e2eb741b4a3bd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc666036827ae8fd73e2eb741b4a3bd.dll,#1
  2⤵
  PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads