79cf60976b460063d4eb8f7e83039aebf18dba16c50a787d191e72ecfefbddfe | Triage

Analysis

max time kernel
101s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 04:48

Sharing

Report Analysis Logs

General

Target

$TEMP/Ff8wfHZYn0.dll
Size

89KB
MD5

7a06cb307f802c120609c0b3c1e963a9
SHA1

2bda4b275422ea6138b12efaeefcb9e279f1de95
SHA256

292340cb04147497e7828986c55765e24bc863ab8e3066b317d78032beab984a
SHA512

a38c7cfb714859ddca000390bae3c4dc5a4cf88db2e974168bf1270b0740568630ce2afd63cb6b663c7df9296a97d2c0dbc0968b2eaaab74487cd179876752a6
SSDEEP

1536:zglskiJV33LX+dJ52NZmihyR6cu4fiTUyrUpgWjAal+faohb:QoJ3KdJAbG6cu4OrUpgEAi+fZb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 4396	3752	rundll32.exe	83
PID 3752 wrote to memory of 4396	3752	rundll32.exe	83
PID 3752 wrote to memory of 4396	3752	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\Ff8wfHZYn0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\Ff8wfHZYn0.dll,#1
  2⤵
  PID:4396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4396-0-0x00007FFAD8110000-0x00007FFAD8305000-memory.dmp

Filesize
2.0MB

Download