8c5977a93001297bb5c08cc6493d4b0c0c25bb7f394378d6bde8e508a3d85bc4 | Triage

Resubmissions

21-03-2023 19:47

230321-yhz3nseg6v 10

21-03-2023 17:44

230321-wbegaacc73 10

Analysis

max time kernel
963s
max time network
972s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 19:47

Sharing

Report Analysis Logs

General

Target

OneLaunch\5.3.5\chromium\chrome_elf.dll
Size

874KB
MD5

13df8a69a4ee66f01d6f2a82cee96135
SHA1

76eb776f8afbb2aa537f5e04cafaa571015ef76d
SHA256

6c785195681974a1b6e5a17d36b99204dad0a1fb9ed8b8fd354d2a0353573d3a
SHA512

2f3f10edb0f65274e52590b2fd44fae28ec382f6eee0c6b8b4bbee070ca4bd77cf1de446f0bf0bcd0230e71dbff81f097b7f4de0536928ec58ecb0f3017c5942
SSDEEP

24576:wqFgvG6RBq2YIpCjB+a7spEs0KjxA+Q0Ibm:wc1qCN+a7EHjxAAIbm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3636 wrote to memory of 3608	3636	rundll32.exe	rundll32.exe
PID 3636 wrote to memory of 3608	3636	rundll32.exe	rundll32.exe
PID 3636 wrote to memory of 3608	3636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\chrome_elf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OneLaunch\5.3.5\chromium\chrome_elf.dll,#1
2⤵
PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...