792eba5ba91a52bfb3b369107f38fb9a7e7b7987cd870f465338eae59e81f3f6 | Triage

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 01:36

Sharing

Report Analysis Logs

General

Target

$TEMP/http_dll.dll
Size

20KB
MD5

5b92266d9a26260b4c9920ede267ba37
SHA1

372d5455fdb689787e7e49f7799510c6c2cdf6b7
SHA256

d3c41834ea1a05eb19b6012a9c0c4a2dd9df243af0df56885edabedfe3fea261
SHA512

db9b277d74d1c50b8580b8dbeef1f5c3f54a6cf436a95c658bf7b8201d48ed651400fdde84d7297abf7f71b1f8f2bf335716833e564fa25cf10483b5f8766ec5
SSDEEP

48:qN+CUF+FoqxHGvf12FTGp8FbhOzSNuIlJb4sDfUpEoOtqFt2MEx6xglBmc:89JbcV2Fyp85zJDfMEoVWlo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1136 wrote to memory of 3408	1136	rundll32.exe	rundll32.exe
PID 1136 wrote to memory of 3408	1136	rundll32.exe	rundll32.exe
PID 1136 wrote to memory of 3408	1136	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\http_dll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\http_dll.dll,#1
  2⤵
  PID:3408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads