61d524d5e2174ccf68635a5735c8e8084e3bbd605d23c5d14b2d93d5eaa49fce | Triage

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-02-2023 14:50

Sharing

Report Analysis Logs

General

Target

xca.dll
Size

192KB
MD5

1f9e9fca55ab31f623f9a80d838fc1ef
SHA1

e62e2716c16ccaa826444c9df599e5eabf1d0228
SHA256

83d0ffd178ced9a19186d3702ca530ce2a8c008cfd5d67cf4dd10351416f7eaa
SHA512

c8d835b49bb56fbaeb6805dbb8e28bdf0b240115de1350bd10bd8d79a9a7718601f682def7194549bb9edf81042e65ef4b887e49b0bdd72f23d3503e709ccac1
SSDEEP

3072:412QOopvfcJSXAQ4qdhHBdxFF/NlXORee+tZVKfHCv:4zOwfcJp9Sjh7evcSfi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 1604	1408	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xca.dll,#1
  2⤵
  PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads