aedb439ffc055b8462177b73f91ed39ef51e1842cb6ca599faef5b7985ea4715 | Triage

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2022 14:13

Sharing

Report Analysis Logs

General

Target

桌面透视汉化版Vitrite/VitriDLL.dll
Size

52KB
MD5

76bce9b60305b5e05c882537806baa12
SHA1

9969703728a9a9c734582ff4cfba6a65df084597
SHA256

9aa712e770d4dba8725cde05eb4773e17d6f48b3da8837d7dd1969c10be1dd7c
SHA512

0744fa33de52d37b2ca28e9e1ef56cd7385e4522e6dbc722da2e3aa7cb62770c2753a2251435acd3acce3d526110924d22886498893a04c820bb2280a6d33372
SSDEEP

1536:EpYgA7BmHsipwCbFG1L2fM4LcZFzCmJ4:wYnlFCZ62E6cZFGmJ

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2876	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2876	2540	rundll32.exe	80
PID 2540 wrote to memory of 2876	2540	rundll32.exe	80
PID 2540 wrote to memory of 2876	2540	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\桌面透视汉化版Vitrite\VitriDLL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\桌面透视汉化版Vitrite\VitriDLL.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-132-0x0000000000000000-mapping.dmp

Download