0089805c74741fe6cb833e3caa0eb0b8ad723f4b7bff89ebeaa035737b730e9b | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 10:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pandora/pandora_desync.dll
Size

7.6MB
MD5

89125849df9e7361f0af186256f95e1f
SHA1

1c17cc286bc2ccff6e2cc9fc0cbf5977d86037b4
SHA256

2567e0424b43d6dae6187f9a5f2a107174a1a7e43e4ebd25832805835b67c163
SHA512

c1b1050a957ea50786989b30675b49addc98c91a497dd42b0f02d03671836fca0ce535107c7064dc02fc86e7ad37cb4b53116f682ea5c02496138288b0a47c1b
SSDEEP

196608:MBoORoP7zPI/a9oLTW2C3s5WqYMT04usJxdesEO:UVCA/a9QTW2C+Zykjdes

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28
PID 1632 wrote to memory of 1260	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pandora\pandora_desync.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pandora\pandora_desync.dll,#1
  2⤵
  PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1260-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download