2af1ea84dab62ac8c9a21b6812c6df4e78a9a5dbb8e92bfb26cec5ac67efddb9 | Triage

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:30

Sharing

Report Analysis Logs

General

Target

dciman32.dll
Size

11KB
MD5

02f8ccf27184184afb35b19e0f968875
SHA1

9dc398a485ccf0567069afd3f2006ef04d3d502d
SHA256

2af1ea84dab62ac8c9a21b6812c6df4e78a9a5dbb8e92bfb26cec5ac67efddb9
SHA512

d0308269354c789b8159fb32074206fb50277504ac582411ae9213f9f2de6a21eee51e4c661f81f12f6bb8593ab29eae78af0ec3d9de27fb94282e5202985898
SSDEEP

192:DC6SqFxrAdNVpTN+wI7sFVZN78emk3WZOWucG:pxkzvTN+wI7sFVzek3WZOW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 2336	652	rundll32.exe	83
PID 652 wrote to memory of 2336	652	rundll32.exe	83
PID 652 wrote to memory of 2336	652	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dciman32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dciman32.dll,#1
  2⤵
  PID:2336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads