ed1298e84311bd9e8eb9cd1f2f262cc2ad321825c8aa5fea49e9b755e7c73595 | Triage

Analysis

max time kernel
0s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 04:02

Sharing

Report Analysis Logs

General

Target

ed1298e84311bd9e8eb9cd1f2f262cc2ad321825c8aa5fea49e9b755e7c73595.dll
Size

3KB
MD5

f61b6ace50037a88ae8cfecfaecc7bef
SHA1

cd40aaef02fe6c2f9630d3881008cc3f93b0cd45
SHA256

ed1298e84311bd9e8eb9cd1f2f262cc2ad321825c8aa5fea49e9b755e7c73595
SHA512

a5056704a9d1d906b69672c8dc4261e32205cdba0175246c1b0f60a78bedd3eb420c9acff865ed5a05e7613bfc63750327ed18f182d2b72957c96d05d2f929dd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 1208	1872	rundll32.exe	81
PID 1872 wrote to memory of 1208	1872	rundll32.exe	81
PID 1872 wrote to memory of 1208	1872	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed1298e84311bd9e8eb9cd1f2f262cc2ad321825c8aa5fea49e9b755e7c73595.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed1298e84311bd9e8eb9cd1f2f262cc2ad321825c8aa5fea49e9b755e7c73595.dll,#1
  2⤵
  PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads