67fda2e9f97550a6e0bfec72f253d4dbab97ca136a89d34dadc8aca46d1b3e3e | Triage

Analysis

max time kernel
92s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 13:15

Sharing

Report Analysis Logs

General

Target

StorageManageLibrary8.dll
Size

505KB
MD5

11701b76485e1801ca2f1d3d42a8a894
SHA1

3b4e7f33cd0d57c20a5d3f88401f7805138527e4
SHA256

67fda2e9f97550a6e0bfec72f253d4dbab97ca136a89d34dadc8aca46d1b3e3e
SHA512

140a1796c4b2aaef64853eed6fa712f6d7663bd8659ea786c977f8c157ae8e076b3a4f8660454b7233475f86dbcf1141674ae3e93077199837db6114b53b8422
SSDEEP

6144:IqGE59GBsgkpxml0dz0rI3zRnqJt0OOTWt18PcpUJ8:IPE9GpkpxfBzlqJt0BTm1R6u

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83
PID 4696 wrote to memory of 2596	4696	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\StorageManageLibrary8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\StorageManageLibrary8.dll,#1
  2⤵
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads