a346595fe9232e039e99763b5fab73cb11383d9d8ec5cbafd861e84fb376e30d | Triage

Analysis

max time kernel
24s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 11:37

Sharing

Report Analysis Logs

General

Target

AMR Player/avutil.dll
Size

19KB
MD5

03dacf694a8cea21279bf786a4f0bfb0
SHA1

f552e0870c1e321ebc111fde8794830e5dd8306c
SHA256

61f218359353971dfe22d751db78364b6e9ef1a6f8ff31333509caaed6b0603e
SHA512

6b6bc4ad0b36dce51cdade5b27ec25b62ee82b1e6f5904ccede99292bcdb3640c12ea497a245fc9f268d487201704ec43662ee78bca0d6ccebe1d707e66f81e2
SSDEEP

384:GAoYF0XGS97LSYy9muvCtfR2TUXx5yQeAabGRGqV7B:NoY+17LSYyIsCNR2wXx5wAabAG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28
PID 1300 wrote to memory of 960	1300	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avutil.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avutil.dll",#1
  2⤵
  PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x0000000000000000-mapping.dmp

Download
memory/960-55-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download