63e799505ac9f425a9ae000adf438812d50cb7b92de50d4e45e042af704af49c | Triage

Analysis

max time kernel
378s
max time network
886s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
06/03/2023, 21:21

Sharing

Report Analysis Logs

General

Target

iGdi.dll
Size

160KB
MD5

150f19ffcf1c56e3c5f77eb712d0310b
SHA1

ee29d37fe83ac48c00b5a15ef8073a653ac3354d
SHA256

63e799505ac9f425a9ae000adf438812d50cb7b92de50d4e45e042af704af49c
SHA512

e2bef9203abbd6934a16bd43c3f8975a69eca3c9ddea66d76dfd97fafceadb8779ea3c2b1f75787e7f909357ef636f5964a903148190886cee35a81668780e49
SSDEEP

3072:PWK3ianWdHMdqkvdopap9xKq18w4MJzmcSbUO:PWrN9MYpa/xP1fz4B

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2552	2496	rundll32.exe	66
PID 2496 wrote to memory of 2552	2496	rundll32.exe	66
PID 2496 wrote to memory of 2552	2496	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\iGdi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\iGdi.dll,#1
  2⤵
  PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads