2176f2a4d372f2ab7527a3e8b27877bd22389f0df03f55fd45a0728795eaf6eb | Triage

Analysis

max time kernel
91s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 11:55

Sharing

Report Analysis Logs

General

Target

ActivationManager.dll
Size

326KB
MD5

468521d990c354a90a9de03245cc174e
SHA1

8747dced5d3d336e3baffc0426aaf590f25387b7
SHA256

2176f2a4d372f2ab7527a3e8b27877bd22389f0df03f55fd45a0728795eaf6eb
SHA512

4aa8aff08b46e1f0f37e25ca14bf311dcbe1e5b15d67faa58172e4abecfe8b767d43fb5722e206dd0db4312d1ca1de08a67cfba494008a9efc6035f491ecbc7b
SSDEEP

6144:PMS7qxaUAzphLpaNk2MFifcoDaexDoObktKXmgVQ8j3steo:P77qxaU7NggZxkVhgQ8or

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 3388	4240	rundll32.exe	82
PID 4240 wrote to memory of 3388	4240	rundll32.exe	82
PID 4240 wrote to memory of 3388	4240	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ActivationManager.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ActivationManager.dll,#1
  2⤵
  PID:3388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads