2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4 | Triage

Analysis

max time kernel
295s
max time network
354s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
02-04-2023 17:50

Sharing

Report Analysis Logs

General

Target

Oneshot/OpenAL32.dll
Size

703KB
MD5

4f953cf95b76cb4aad0fd15561238c16
SHA1

b201faf83b5a7dc19a649a148224d0c7de458552
SHA256

da0160426f31e75f34ac42636649aeee4a7a6bc766dac268e7a3a81cc4f0f7f4
SHA512

15013363723306b8b89371d800e2597d65a845dbd75a83c44f392c7a925fd08ed69398e7f9ba4d121b724f3efe6dc3a58e2a40ba6df2010aee5b430f2be1db71
SSDEEP

12288:y2+rBMcmZ7G7c+94vvA3vLO5YEtWWnPCDUS9FGFY:y2AMWA+2vvA3vL6MGe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 428 wrote to memory of 596	428	rundll32.exe	rundll32.exe
PID 428 wrote to memory of 596	428	rundll32.exe	rundll32.exe
PID 428 wrote to memory of 596	428	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\OpenAL32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\OpenAL32.dll,#1
  2⤵
  PID:596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/596-118-0x000000006B800000-0x000000006B88E000-memory.dmp

Filesize
568KB

Download
memory/596-119-0x000000006D0C0000-0x000000006D13A000-memory.dmp

Filesize
488KB

Download