8e86e10a9b3a48604514c4fab81a68afcc48d1cbcf932255afdc8ca85e33c12d | Triage

Analysis

max time kernel
47s
max time network
79s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
08/03/2023, 16:56

Sharing

Report Analysis Logs

General

Target

PvZRT_Data/mmf2d3d8.dll
Size

446KB
MD5

59aeab50440b9f50389a997bc6c44866
SHA1

61e7a377a98df935bc4a0c94776cf8e4b49c4cb8
SHA256

9cba4d670209c69039d0d92598aab6d916d9fbd215b634012ff9cef55bfaf559
SHA512

fd0c8a94d47af3149ac32406294c4ef25e741249126e0fdd0f8e3ea46a7a85e83921edd08d26b17beec00afe102bb9a897664e17da58e8c2ece2d277e058275f
SSDEEP

12288:FET+JrnmtBKpjh7RhObbSstL7pDt35JXF/GRK:FA+Jrakjh710HpDt3nVuRK

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 5008	4904	rundll32.exe	67
PID 4904 wrote to memory of 5008	4904	rundll32.exe	67
PID 4904 wrote to memory of 5008	4904	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\mmf2d3d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\mmf2d3d8.dll,#1
  2⤵
  PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads