909fad3769c45de02292ab6dbf4aab907f5ce3ebef25c2a1167f759a1ae85de2 | Triage

Analysis

max time kernel
103s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 02:14

Sharing

Report Analysis Logs

General

Target

4bb89b8cc8e9750bd845fe90d5b72030N.dll
Size

6KB
MD5

4bb89b8cc8e9750bd845fe90d5b72030
SHA1

c8bd6c38de9fce13166925430c4962c340df3788
SHA256

909fad3769c45de02292ab6dbf4aab907f5ce3ebef25c2a1167f759a1ae85de2
SHA512

06d5754578011368697ec71bad9d92a760181a235f157da9b603763e266b6b4d2b75ef4844d62cc10df48bb9456a189ae76cf913337496ab385e673435750c9a
SSDEEP

96:hy859x0P8MaPUIw1kV2kNaJCqAw4jBSwJbT/Omw4ow4Uw4jBkiENv4Txm4qw:F5oL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 4616	1272	rundll32.exe	84
PID 1272 wrote to memory of 4616	1272	rundll32.exe	84
PID 1272 wrote to memory of 4616	1272	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb89b8cc8e9750bd845fe90d5b72030N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb89b8cc8e9750bd845fe90d5b72030N.dll,#1
  2⤵
  PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads