63e2721ccdd7fb3a8cbc5aa3b9646a43a96d0c88c1ab8cc68301744972e068fd | Triage

Analysis

max time kernel
137s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 06:03

Sharing

Report Analysis Logs

General

Target

NlsData0024.dll
Size

129KB
MD5

ee11fbb6d8253c328dcc35a36b52e0ce
SHA1

ad5e102ed71cd5e7a9c7cb600ae78e02cc6334a5
SHA256

63e2721ccdd7fb3a8cbc5aa3b9646a43a96d0c88c1ab8cc68301744972e068fd
SHA512

d06b791793a632212d8209c6bf766c0d5fb82aeaf26eeaef1ae757dd97bfd456d06d49b3be84c2d88a67eb0e82369d628c7f8c921866c23957e1dc2df6130d30
SSDEEP

3072:sC7TPPHhy1w5BtR1kck1JCom2FKcoXtl0u1SifIMV+:sC7DE1w5BtRGceJCom2FKco9lxSi0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 2388	5028	rundll32.exe	82
PID 5028 wrote to memory of 2388	5028	rundll32.exe	82
PID 5028 wrote to memory of 2388	5028	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NlsData0024.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NlsData0024.dll,#1
  2⤵
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads