df8e314c418962f44f0075b46b9a0291acedab6cbcd60e8c5dd4f63c5a367826 | Triage

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 10:56

Sharing

Report Analysis Logs

General

Target

imetool/indicdll.dll
Size

11KB
MD5

0416ddc2575d4afa613a3690a0a73e4a
SHA1

005a58706e24f09b86728d7aaa417d68899d544c
SHA256

a73fc0fa7745aa83273a45c8e5ae6c918a0910de8441c8437b653112d05864e5
SHA512

4b2e1b520ffea28e15b3573677c9f54c66cb351dba71da9b6051bbcc911c0c46af027ee9484e19b8f0c356e9a9847104d1e7e3f1100f272c9b52a9980c3ffc6a
SSDEEP

192:bcGAv3J5oZoqPLnwJc85Hi7o4uHWgWCWad:bO3XaoqPL2c+LpWgWCWU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 4580	2448	rundll32.exe	83
PID 2448 wrote to memory of 4580	2448	rundll32.exe	83
PID 2448 wrote to memory of 4580	2448	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\imetool\indicdll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\imetool\indicdll.dll,#1
  2⤵
  PID:4580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads