09ec028fc181038d06ba71eb06591aef54b65b538a2e8b804295d1c4a921e785 | Triage

Analysis

max time kernel
93s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 18:25

Sharing

Report Analysis Logs

General

Target

09ec028fc181038d06ba71eb06591aef54b65b538a2e8b804295d1c4a921e785.dll
Size

3KB
MD5

ced53e468e225cad432e2458538a8831
SHA1

a81e9c6fcc67561a5051b6b8977c7335cf0a79e3
SHA256

09ec028fc181038d06ba71eb06591aef54b65b538a2e8b804295d1c4a921e785
SHA512

3797e4783ef3a8312381abef83fd573972932120cfbd1fd8837b1fbda14ff9d93d7865d2b5e0952f423d1de85d2b4c06db40d56e249816434db76cf433c90955

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4352	432	rundll32.exe	88
PID 432 wrote to memory of 4352	432	rundll32.exe	88
PID 432 wrote to memory of 4352	432	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ec028fc181038d06ba71eb06591aef54b65b538a2e8b804295d1c4a921e785.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ec028fc181038d06ba71eb06591aef54b65b538a2e8b804295d1c4a921e785.dll,#1
  2⤵
  PID:4352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads