bc57f82267ee65e6639b223a57eed33b6980e00fd8138aae9001b17b3a014ce0 | Triage

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 13:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

geg.dll
Size

299KB
MD5

e03a20cb5e94f4dd46ccdff15699d65b
SHA1

144b5aec464ad625db98b648e71adf15d25ed90c
SHA256

bc57f82267ee65e6639b223a57eed33b6980e00fd8138aae9001b17b3a014ce0
SHA512

d5f5587bcf955dbc467d685434659fb04733671b1e6f0662bd7e6cf89de3bd4ce2cc1d47c6bdb808f7eb613a282bedce81279d81f6e19f022b5a8c2f821e6ad1
SSDEEP

6144:DCwRY6BW3aLjd5b+94uxYc9tN48VuCyn7:mUB8avfJi5VuJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 540	1256	rundll32.exe	84
PID 1256 wrote to memory of 540	1256	rundll32.exe	84
PID 1256 wrote to memory of 540	1256	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\geg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\geg.dll,#1
  2⤵
  PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads