a0423aaabc55d4f4d6b62a2c2a587670aec88f04aee56202ccf994cb9de2bed8 | Triage

Analysis

max time kernel
1756s
max time network
1765s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 10:04

Sharing

Report Analysis Logs

General

Target

CL54XX.dll
Size

90KB
MD5

7b20265a8ede1b9bd54f7601e3aa08ce
SHA1

a44031fa9bc48384d6046c56b2f68bbf7720db7d
SHA256

50a33f1c7a39e2ac833604df1388735627fae0a1720cdc5772699ed7481f7a5f
SHA512

18bce6b7b2b0c9931ef35247f0e86c2c68693e67806a7e75039ef8465693a7b1a9ac72711de88cada1370299f0ed555f133e1cc54fedd2b69ca74f735465df9c
SSDEEP

1536:Xu0nu0bEHA3uX+x5JhQQONS+GrgWeJwUgSDW9oxrNB+oj8Qp:Xu8bEHA3uX+xTCLULkWeJwUgfaxrNgQ5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 336 wrote to memory of 4660	336	rundll32.exe	81
PID 336 wrote to memory of 4660	336	rundll32.exe	81
PID 336 wrote to memory of 4660	336	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CL54XX.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CL54XX.dll,#1
  2⤵
  PID:4660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4660-0-0x0000000000010000-0x0000000000027000-memory.dmp

Filesize
92KB

Download