12403572fcf3676335c59b72887fa2910e616973938630dc34e7b856aaf34075 | Triage

Analysis

max time kernel
95s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 18:20

Sharing

Report Analysis Logs

General

Target

Psapi.dll
Size

17KB
MD5

abbc53dbdb01df277a7dd8f86da1c168
SHA1

43c4c7f9217eaf85059cb9cbd26935535c3383ac
SHA256

35261e40e0fc8229978cab1efcfd2607ae712c40ecff11430df5a78bb2a87795
SHA512

709df9029b61be8070426141b795076794ae32120dbd960b51e305db4cf56cef0ff288df2b5460e181ed6621b7e961295ac22e57525e7021b9698e3a14e99e8b
SSDEEP

384:aYwcLQSN+IyddAO4qO6pYA98cgUWZcDWr:hNY2vwgw8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1536	968	rundll32.exe	83
PID 968 wrote to memory of 1536	968	rundll32.exe	83
PID 968 wrote to memory of 1536	968	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Psapi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Psapi.dll,#1
  2⤵
  PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads