097a87ab896f748bb6b5f4bbf053d3b3b3d020a3e15d5c7fc941849540ac08a5 | Triage

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 18:25

Sharing

Report Analysis Logs

General

Target

097a87ab896f748bb6b5f4bbf053d3b3b3d020a3e15d5c7fc941849540ac08a5.dll
Size

3KB
MD5

8dd6d24bc58b9838ae12b80c07dd822b
SHA1

43baf6aed4e0577bef54bc3edcc1c7ea176f5af9
SHA256

097a87ab896f748bb6b5f4bbf053d3b3b3d020a3e15d5c7fc941849540ac08a5
SHA512

b2597ef3e203ea09bd665da2aecf8f3e390eda0a2d27b1f0bd8012213ccb0ea209d67d500176df641935505ce1b1a0adbfb4ec14ef453fdd5a9e9398096b31d6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1328	1400	rundll32.exe	90
PID 1400 wrote to memory of 1328	1400	rundll32.exe	90
PID 1400 wrote to memory of 1328	1400	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\097a87ab896f748bb6b5f4bbf053d3b3b3d020a3e15d5c7fc941849540ac08a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\097a87ab896f748bb6b5f4bbf053d3b3b3d020a3e15d5c7fc941849540ac08a5.dll,#1
  2⤵
  PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=1960 /prefetch:8
1⤵
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads