584dc9f06a72201306a7bb956f410fd66a9eb71ce5468814f6b22926caca58eb | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 21:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

584dc9f06a72201306a7bb956f410fd66a9eb71ce5468814f6b22926caca58eb.dll
Size

4KB
MD5

e9e1d4ebe7874e3261dcb0033d5dcf5e
SHA1

e8fb8a5f284366421fe928de1e18ff7cc905d875
SHA256

584dc9f06a72201306a7bb956f410fd66a9eb71ce5468814f6b22926caca58eb
SHA512

79d6573fa2b0655cb2404b9cae3da30c6696dd4f471ced1cf057da355dd87619d7fb6887cea49e444a69c798101bcbd3182c76b64d5e9e6aee57818f0e52dd79

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 3788	2900	rundll32.exe	88
PID 2900 wrote to memory of 3788	2900	rundll32.exe	88
PID 2900 wrote to memory of 3788	2900	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\584dc9f06a72201306a7bb956f410fd66a9eb71ce5468814f6b22926caca58eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\584dc9f06a72201306a7bb956f410fd66a9eb71ce5468814f6b22926caca58eb.dll,#1
  2⤵
  PID:3788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads