b1a7b78b139fa65a75294deb1af7bc30e5007c93397b7ba6774dd3c9e56f5448 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DeviceCenter.dll
Size

471KB
MD5

9c98f1732b13c92ac5af3d09a4f93002
SHA1

9fcc2a655b7f53b1b2d33afe57a9b2ba3e6a5026
SHA256

b1a7b78b139fa65a75294deb1af7bc30e5007c93397b7ba6774dd3c9e56f5448
SHA512

84badc5661191f3397dce1c08bcaed19d859c11adaabe7a995c290596c2d97b10eaa36ade0ef7b8413c06a0543bcc7b9d3f891cea060f06b9276aaa2847f85be
SSDEEP

6144:2OIWRvKfp+RdWtxq/7OVcxrVznEz12zYyH6C4NQFnIx1Ka:2OZRvo+R41GrVbMkUdZN6Iv5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 4628	1160	rundll32.exe	84
PID 1160 wrote to memory of 4628	1160	rundll32.exe	84
PID 1160 wrote to memory of 4628	1160	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DeviceCenter.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DeviceCenter.dll,#1
  2⤵
  PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads