10273efcac023d59fc68901d4d4fcf3ca59858fbca92ffb81243ccd49784218d | Triage

Analysis

max time kernel
151s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2023, 16:07

Sharing

Report Analysis Logs

General

Target

GDHM_TASBOT_v35.6/chrome_elf.dll
Size

975KB
MD5

4f179dd8c679540f60db142ff9ffa138
SHA1

25c1d82d30f89c3e2eafdf77c5435f51854e1798
SHA256

37261005b011733ac0a055980d22f0a31170e7d4af15fbe675c94f78dfb45b6c
SHA512

50de56395fc68af9ef0d032a2f1cb5856987a2c82dadd56caa2eab0554b26cf6693abacdd0cc1e9546a662cd1614ce3826cc7a4dbfbce54a8a9157578b14870f
SSDEEP

24576:rrq0hCg2lt/ILIrmdTsI6OoDsYfX9O0TbjqsozHpEBL8:1kt/IL2yisYlOgHolEB4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 2236	3844	rundll32.exe	84
PID 3844 wrote to memory of 2236	3844	rundll32.exe	84
PID 3844 wrote to memory of 2236	3844	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GDHM_TASBOT_v35.6\chrome_elf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GDHM_TASBOT_v35.6\chrome_elf.dll,#1
  2⤵
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads