d0b1a2a08e3d66a84813a44010ce1a9202b5e78a727a1740de94fc61be3f1f03 | Triage

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 01:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f9f2ec75d55dfdf91d2491d646f6f80N.dll
Size

4KB
MD5

2f9f2ec75d55dfdf91d2491d646f6f80
SHA1

bfeced8bfcb6331bd8d5d90408cf22f6069d50e5
SHA256

d0b1a2a08e3d66a84813a44010ce1a9202b5e78a727a1740de94fc61be3f1f03
SHA512

5d6a746bc71f428d794ed903b960e544c80a1d7a2381d7f7aea2f0091334c357b4d5256bd2fa0d843d1cf089dfc45493338b8ab31427123e9d6c69ad32a20c45

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 3540	2624	rundll32.exe	86
PID 2624 wrote to memory of 3540	2624	rundll32.exe	86
PID 2624 wrote to memory of 3540	2624	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9f2ec75d55dfdf91d2491d646f6f80N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f9f2ec75d55dfdf91d2491d646f6f80N.dll,#1
  2⤵
  PID:3540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads