199270fb73f8c6e0c19b285be9874c0aa9a14b5138ec6c13a856d4ca6202d393 | Triage

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 05:10

Sharing

Report Analysis Logs

General

Target

opengl32.dll
Size

79KB
MD5

2c466e055126d6e39938b3451fc77184
SHA1

c4354793dc7a49d5f171fe496088df76d7f6e0ff
SHA256

e0693f7752e6088923b31d3faf7db1a0b5989838d7c250bddb6c175c17891537
SHA512

015f366aed0c823158af1beaa8d6514d1afe90bfda0ac1eb6074340031e9ce14f1f5eb3aa3e47a34ada70c036949c58df1679a22338cc15da3ee352ab1889c9b
SSDEEP

1536:tG0tELS/PLvgM/CNn1p1q6eG+yMCkA2MiuePFGnj+TdfQRa1y5BnJAGV:LMEvanhe2k1MiuAGnjwZQRb9JAGV

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1560-133-0x0000000010000000-0x000000001004B000-memory.dmp	upx
behavioral2/memory/1560-134-0x0000000010000000-0x000000001004B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1560	884	rundll32.exe	81
PID 884 wrote to memory of 1560	884	rundll32.exe	81
PID 884 wrote to memory of 1560	884	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\opengl32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\opengl32.dll,#1
  2⤵
  PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1560-132-0x0000000000000000-mapping.dmp

Download
memory/1560-133-0x0000000010000000-0x000000001004B000-memory.dmp

Filesize
300KB

Download
memory/1560-134-0x0000000010000000-0x000000001004B000-memory.dmp

Filesize
300KB

Download