2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4 | Triage

Analysis

max time kernel
308s
max time network
347s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
02-04-2023 17:50

Sharing

Report Analysis Logs

General

Target

Oneshot/libpng16-16.dll
Size

907KB
MD5

e890d2aef08530e587ef9413a8793f7d
SHA1

bba1ecd662b051b50bec3170ee0d61a246186069
SHA256

851fba1d94ed8dbfd19101930958fdb514fb31d9f949d3254333c7929109798f
SHA512

527de55f6b25c991d76333ec7b9366fb2da7be65558c4a2ddde3c46e7c8b468ea437ae74487551ef2a63837b8c2c44c61a079e6648bdbff4b476101ad8e8b254
SSDEEP

24576:0i0xd/62K4Hug7Q75BDzRvUq4Phv9FI+CBlqxe:9KuEJv7I++

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4188 wrote to memory of 4500	4188	rundll32.exe	rundll32.exe
PID 4188 wrote to memory of 4500	4188	rundll32.exe	rundll32.exe
PID 4188 wrote to memory of 4500	4188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\libpng16-16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\libpng16-16.dll,#1
2⤵
PID:4500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...