db4aedb3ba2b1d5eaf62dd51b9ec0953f8e7cd7c01916a7805f46747d884f0a8 | Triage

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 02:51

Sharing

Report Analysis Logs

General

Target

SCSKAppLink.dll
Size

501KB
MD5

61f86d30ddd12a4dbd2203b95c67ae95
SHA1

f57ac33e180ad5b8812003baed76e6671215d43f
SHA256

b214e6534cc3bbd490bafffde071b1325b3af48d4efb6174d592677e6ef7089d
SHA512

b01cdc569fb2998750ad094a25cef5ebf9a73c4f919803fc94802057ea82250f2a4fc12279d9ed1dc6245c86e1a5cc72f39a86758ed648f49255f97b2daf4483
SSDEEP

12288:ksywtFteBaS+tisOOEEYwsufC8OeEE4gseiRpslCHYHipslCHEHipslCHMHipsHr:ksyHxphKcD8

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1864	rundll32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1864	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27
PID 848 wrote to memory of 1864	848	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SCSKAppLink.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SCSKAppLink.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1864-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1864-56-0x0000000010000000-0x0000000010082000-memory.dmp

Filesize
520KB

Download