eff775a070e0c01c03006db1e84a311d7e8931a1240a624983133193084f3894 | Triage

Analysis

max time kernel
135s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:38

Sharing

Report Analysis Logs

General

Target

DataExchange.dll
Size

177KB
MD5

374ad1fb9da2e9edf4f8dcd4df9464ca
SHA1

278761453ff4bd94bf803999a54d2775a65de72f
SHA256

eff775a070e0c01c03006db1e84a311d7e8931a1240a624983133193084f3894
SHA512

6fd52ee98089b55ee0604eba08ee11371aa099466fdd13894aa7afc8261fdb28f79f1f2854356686874b12b09c4364aefb87b74a96196c4c8221d2e72c0cc879
SSDEEP

3072:FnoT+0lRTip+KrOu9KjXwZ1K6QL0T3/45NLpVC7DqP7uAh3SiZ3:FnoTX3TisKrlFRQL0Enp072yARdZ3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3980	4836	rundll32.exe	82
PID 4836 wrote to memory of 3980	4836	rundll32.exe	82
PID 4836 wrote to memory of 3980	4836	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DataExchange.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DataExchange.dll,#1
  2⤵
  PID:3980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads