8db38444dfd1ced02cc22409e2e3082d331cb02d9a2ef9579420120c6a2b63f2 | Triage

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2022, 20:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

xrGame.dll
Size

6.9MB
MD5

0dc8a2f637abaf15b5b9242e19d36270
SHA1

08d63315288050515307c433790aabd83613aac1
SHA256

8db38444dfd1ced02cc22409e2e3082d331cb02d9a2ef9579420120c6a2b63f2
SHA512

4f77e4d5eb61df1103a63d6d61b184214fdf827f602cd8ec6b4a90a3ecd9106b6fce26136aca5e95391445ff05129841d242031eb43d5c74375f343700d0cbc1
SSDEEP

98304:4fLbApeDYM21JRuOWQlF7Fp4KYpmuDWrHVgMH2FwyCQtzPH/RYKM7kRPgWBCa5pm:Gb0J7BpciCjF/qpnI6N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 4440	3972	rundll32.exe	79
PID 3972 wrote to memory of 4440	3972	rundll32.exe	79
PID 3972 wrote to memory of 4440	3972	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xrGame.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xrGame.dll,#1
  2⤵
  PID:4440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads