5053cec7d0f5672f1f4b01bce1ec63bdf3a964159c481657582d6842c67ed34d | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:08

Sharing

Report Analysis Logs

General

Target

LD_Reader.dll
Size

332KB
MD5

534618f1fc636b21e65da5d11cd1c7e8
SHA1

c5145abe558b7461abb0a4d6024dd01ccd97a7fa
SHA256

5053cec7d0f5672f1f4b01bce1ec63bdf3a964159c481657582d6842c67ed34d
SHA512

ef6cba8cb0570de34d64827b328f05e0a146383c4d2b58569017603ae673325428ff363fd9b6630c8bf75a0ca3165b895089bf9fabfd3e4de61ca24cbd2f2af5
SSDEEP

6144:xIxrtpXXJcYtW6kb6qQpALd9pWwa+y/I89h1BKEyzbVQv/u:xIxrtpXXJbtW6kb6qQpALd9pWwa+y/I1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4608	4040	rundll32.exe	82
PID 4040 wrote to memory of 4608	4040	rundll32.exe	82
PID 4040 wrote to memory of 4608	4040	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LD_Reader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LD_Reader.dll,#1
  2⤵
  PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads