77ee8f7f4cbc61deb7fd9640ee86f62a679a257858e9b28fdb0a9f70d5eb4b88 | Triage

Analysis

max time kernel
93s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 23:31

Sharing

Report Analysis Logs

General

Target

77ee8f7f4cbc61deb7fd9640ee86f62a679a257858e9b28fdb0a9f70d5eb4b88.dll
Size

4KB
MD5

6132cb6b47b1a82ca495f4dc51691c7f
SHA1

feb678640faf1fd0d3f21ef51dfbc540da778e95
SHA256

77ee8f7f4cbc61deb7fd9640ee86f62a679a257858e9b28fdb0a9f70d5eb4b88
SHA512

568db45fead3049088701ebdd45b9bd0e4753b378037728e3f9c72783c4d24af54dbdfc02f19a3dd45a994f03fbea92085c2073b2ca8f73d8501ed121e988862

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 220	5072	rundll32.exe	88
PID 5072 wrote to memory of 220	5072	rundll32.exe	88
PID 5072 wrote to memory of 220	5072	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\77ee8f7f4cbc61deb7fd9640ee86f62a679a257858e9b28fdb0a9f70d5eb4b88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\77ee8f7f4cbc61deb7fd9640ee86f62a679a257858e9b28fdb0a9f70d5eb4b88.dll,#1
  2⤵
  PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads