9bd63838ba064673ed11fbf9342396096215c73680c67fbeee21ea24cf5f1bea | Triage

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 00:42

Sharing

Report Analysis Logs

General

Target

9bd63838ba064673ed11fbf9342396096215c73680c67fbeee21ea24cf5f1bea.dll
Size

3KB
MD5

fd641f7d1f5890e1650da1a72b3645fc
SHA1

819b72a1604a9b4da59dec83d44a3c179b8f23db
SHA256

9bd63838ba064673ed11fbf9342396096215c73680c67fbeee21ea24cf5f1bea
SHA512

ba67677734695999c1bcd1719b427037230242a94250876635fd2ea562c25776b7f202fc0d89c3e0175df9dc74421eed9d5f554fa4e530609e657d9cfb5ce6bd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3352	4976	rundll32.exe	82
PID 4976 wrote to memory of 3352	4976	rundll32.exe	82
PID 4976 wrote to memory of 3352	4976	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd63838ba064673ed11fbf9342396096215c73680c67fbeee21ea24cf5f1bea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bd63838ba064673ed11fbf9342396096215c73680c67fbeee21ea24cf5f1bea.dll,#1
  2⤵
  PID:3352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads