bfdb0405cf433b2a95ffb43f8234d3ad46af5f734b7209ef8a009cbce95ad648 | Triage

Analysis

max time kernel
103s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 22:26

Sharing

Report Analysis Logs

General

Target

18660b54f1a85f6845d6e2297cb2cd40N.dll
Size

5KB
MD5

18660b54f1a85f6845d6e2297cb2cd40
SHA1

8bb477b502c2c592e627a6543a465864ef27f2d6
SHA256

bfdb0405cf433b2a95ffb43f8234d3ad46af5f734b7209ef8a009cbce95ad648
SHA512

df842f6a50b8b9769c1f69b254d5c04e059ece46ec8e64310bd348fd3d8f7fc3d7aeb3e396c8c60bfbd6726e47a76c01f37874070ecd7f7cffd829694b6d0eae
SSDEEP

96:hy859x0P8MaS2ZDZQ00R7VBnyKClwPkgb5JkrcWfARUa:F5oLAZZd0R7Y6sgLQcWJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1324	628	rundll32.exe	84
PID 628 wrote to memory of 1324	628	rundll32.exe	84
PID 628 wrote to memory of 1324	628	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18660b54f1a85f6845d6e2297cb2cd40N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18660b54f1a85f6845d6e2297cb2cd40N.dll,#1
  2⤵
  PID:1324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads