09e26bef095a7a3c850ece3ec71f9dd334d0b79c11d333437102d3e2923d1f4e | Triage

Analysis

max time kernel
133s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 18:31

Sharing

Report Analysis Logs

General

Target

09e26bef095a7a3c850ece3ec71f9dd334d0b79c11d333437102d3e2923d1f4e.dll
Size

3KB
MD5

7b4155f9e268c2fd4d6204d0e37d2899
SHA1

abb12235dea97449b645b472ce05ba25c6acbd40
SHA256

09e26bef095a7a3c850ece3ec71f9dd334d0b79c11d333437102d3e2923d1f4e
SHA512

fe12038dee7d521bd68ca3dfe0b26d9b049d291fdf89f32bd100bf756501a539b1702683c086dd041334b45d86f04c98210cde7221219b166ad5e8dd624de8ab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 2400	5076	rundll32.exe	83
PID 5076 wrote to memory of 2400	5076	rundll32.exe	83
PID 5076 wrote to memory of 2400	5076	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09e26bef095a7a3c850ece3ec71f9dd334d0b79c11d333437102d3e2923d1f4e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09e26bef095a7a3c850ece3ec71f9dd334d0b79c11d333437102d3e2923d1f4e.dll,#1
  2⤵
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads