7a0c7869723c264e7caedf795239c9c4058f65c4e06b5a78b96562856e6a7be1 | Triage

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:06

Sharing

Report Analysis Logs

General

Target

DDORes.dll
Size

14.4MB
MD5

260b404a32c87f7ce02604f5f7a7425f
SHA1

cf5c30eb2aab2c754b722ccae5a87bb4bb44d9a7
SHA256

7a0c7869723c264e7caedf795239c9c4058f65c4e06b5a78b96562856e6a7be1
SHA512

c5d635e714c4f4163e3c79de4353e53f26e5e503843b4cb31cefd19d935a27b1941865dd15b32da845c31b7bc39c1237c5be9012c02200abebf1c16b7e454948
SSDEEP

98304:5M3DnPDrNGVGFGVGv9dI2WwkoIggrrrrrrXBealZ9xoMu:qzPDrNGVGFGVGVdIbwkp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 1552	4612	rundll32.exe	83
PID 4612 wrote to memory of 1552	4612	rundll32.exe	83
PID 4612 wrote to memory of 1552	4612	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DDORes.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DDORes.dll,#1
  2⤵
  PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads