ec920267b9c4ec8b410ac16f6e6255f89b0c49c5607a787d21e25604bb9a5961 | Triage

Analysis

max time kernel
129s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 06:10

Sharing

Report Analysis Logs

General

Target

docprop.dll
Size

36KB
MD5

70832b7253093e9896b49f276beba63b
SHA1

27f86d39cea4af1c8cf545b911e68d2f9b4c46cd
SHA256

ec920267b9c4ec8b410ac16f6e6255f89b0c49c5607a787d21e25604bb9a5961
SHA512

1ef783eb1503de8979e2f6afa4895a1205cd5e417b6535dd683a34694186c35aac377f0730220f2577a21baefec9d2503c9aebc703608cf1bfe1007fcad0fd1c
SSDEEP

768:jqwvncAd/QV17FePN80laW1CWmAJzfU3LSCR3:jlbd/QVVFh0laWpmKQbhR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 464	1848	rundll32.exe	82
PID 1848 wrote to memory of 464	1848	rundll32.exe	82
PID 1848 wrote to memory of 464	1848	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\docprop.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\docprop.dll,#1
  2⤵
  PID:464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads