c50183eed715ec2392249e334940acf66315797a740a8fe782934352fed144c6 | Triage

Analysis

max time kernel
91s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

winvnc.x86.dll
Size

281KB
MD5

719a93419dd5123b52961a076d283f21
SHA1

835030d4709ef6a2a408d0a6d0fe59c0db228000
SHA256

c50183eed715ec2392249e334940acf66315797a740a8fe782934352fed144c6
SHA512

dc4b59ce5a4b8b2007049574ea65f59651669aff60fd5f44e7ddc700ec714eeb3b5c77407be56dbca536be9855eb1b4f82abac47c87712ace891c0c77357cddd
SSDEEP

6144:D4mXEU0AU8qYWi0BtNwG2xwC9VMEHka91rVUqS:DEUhWiqqGhs1O

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4248	4988	rundll32.exe	81
PID 4988 wrote to memory of 4248	4988	rundll32.exe	81
PID 4988 wrote to memory of 4248	4988	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\winvnc.x86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\winvnc.x86.dll,#1
  2⤵
  PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads