8a5135713c1a6688b790f11fcfc9153ebb442cee6aa69ecff9e6afd097068a66 | Triage

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 12:39

Sharing

Report Analysis Logs

General

Target

TISPAN32.dll
Size

65KB
MD5

1e522006e572619dabe8713ebc83c27f
SHA1

b7a574f6763c405cac18d5930d4538ccf70d3824
SHA256

ccc3c0b35b42ef40e116a8ba5e6f40c1f303e00f6d6c31c9a9eac5994b1d5294
SHA512

7451e0de0c38709e965f473e5b721ef40760955cec58659abc5d60d2b6e8bb28b0fa15bcacdc194fa412563c97b6150c5708fdf2ec198054a48a212386b47ab7
SSDEEP

768:qUc+0gMDaCp+MIhDOoT6jocGBrgVM08z0dr9SKTUcxMiD+2qVoq/2vmyG:ggMDaCp+rJ8b8z0dzxMiD+2qVKG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4888	4908	rundll32.exe	80
PID 4908 wrote to memory of 4888	4908	rundll32.exe	80
PID 4908 wrote to memory of 4888	4908	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TISPAN32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TISPAN32.dll,#1
  2⤵
  PID:4888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads