5ffd6b1262f2c0552233279b909f38174681dfa951ba51cb484fcf2aa7019930 | Triage

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 01:31

Sharing

Report Analysis Logs

General

Target

589e012cfaf7d596569aad11ea970d00N.dll
Size

78KB
MD5

589e012cfaf7d596569aad11ea970d00
SHA1

a6ec1ed0ae084aa9ecfa9c8841ac9a5a5cdfd688
SHA256

5ffd6b1262f2c0552233279b909f38174681dfa951ba51cb484fcf2aa7019930
SHA512

1e92a502fe33913ff4908299ea04268c03f8b33b91c1b4f7f665542a8c8baf779f44306764b9837afeceb4a7357efc007716e984577a92344b59f08b3bdf1be5
SSDEEP

1536:wkwoXeLYNdnarKinX03R9KXEy1h4Kibg:YouLeauiE3R9OEyYg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1488	216	rundll32.exe	83
PID 216 wrote to memory of 1488	216	rundll32.exe	83
PID 216 wrote to memory of 1488	216	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\589e012cfaf7d596569aad11ea970d00N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\589e012cfaf7d596569aad11ea970d00N.dll,#1
  2⤵
  PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads