ba6b4727c45b35f5da340f7cf139d0f89c758600210cb8d2d33194cf7497c038 | Triage

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 22:10

Sharing

Report Analysis Logs

General

Target

022383bada88a4b90cba5cac7f625a30N.dll
Size

464KB
MD5

022383bada88a4b90cba5cac7f625a30
SHA1

287aaef47471e148ef3a1620d57c9efe4eaf21c0
SHA256

ba6b4727c45b35f5da340f7cf139d0f89c758600210cb8d2d33194cf7497c038
SHA512

6995d3ce6d859970f23488d605b70ee5732a17be5458bb803e20571923d1f3a4b8fab9dceafcf3d8abac8177cfc53d54824bfacf823dd790c7b7293659cb6316
SSDEEP

12288:Eime8K6UxSlxu9vIzkMpdcfi9UBjvrEH7e+:EivvIQFlrEH7e+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 3048	1176	rundll32.exe	83
PID 1176 wrote to memory of 3048	1176	rundll32.exe	83
PID 1176 wrote to memory of 3048	1176	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\022383bada88a4b90cba5cac7f625a30N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\022383bada88a4b90cba5cac7f625a30N.dll,#1
  2⤵
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads