d9f2a6d8c6c7d5f6755687b4073a56cbb38ab3a4c1d139b7b0d41274fcb9f4c9 | Triage

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 03:29

Sharing

Report Analysis Logs

General

Target

d9f2a6d8c6c7d5f6755687b4073a56cbb38ab3a4c1d139b7b0d41274fcb9f4c9.dll
Size

3KB
MD5

0415ab6872bb9bd66420df22b4d3d117
SHA1

4e3521cb074fe8ea6cfa424a36744e68fd3000af
SHA256

d9f2a6d8c6c7d5f6755687b4073a56cbb38ab3a4c1d139b7b0d41274fcb9f4c9
SHA512

7cdca846290d64a19af2150631ccfad3cf1ca677380e8608eb1e3e554882ba8cdd738bec30e12e14f5ea261d35ac07b6daf12182d596a9e2c4559ba5f15d1c9d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 228	1752	rundll32.exe	83
PID 1752 wrote to memory of 228	1752	rundll32.exe	83
PID 1752 wrote to memory of 228	1752	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9f2a6d8c6c7d5f6755687b4073a56cbb38ab3a4c1d139b7b0d41274fcb9f4c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9f2a6d8c6c7d5f6755687b4073a56cbb38ab3a4c1d139b7b0d41274fcb9f4c9.dll,#1
  2⤵
  PID:228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads