2f2389c4427f79cb94d8d4fb3650b1cf0a27c0fc8996cf9edd061aa8b74fb6c4 | Triage

Analysis

max time kernel
112s
max time network
321s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
02-04-2023 17:50

Sharing

Report Analysis Logs

General

Target

Oneshot/SDL2.dll
Size

4.9MB
MD5

a9b9253385dfdcbfea6fe270ead88b70
SHA1

1d575885ac0ee03f57530fc79e47f438b62a9d25
SHA256

1b736dc1b78f2298f5f6b1debbc6fe5e95417cc8add6d6ae2e0806d94973ebd3
SHA512

efbfa9c2d2609eb57366e2631194dbaf41478a285058a86c40fc151aa36f11ae273f55cca2273930e5dc86ebd012b2dc5eecf26d8b75895b188817694b40b2c2
SSDEEP

98304:lxp9esz5j9uDFtwyQB7/Qo584O7ip1QP9Pnty9nudYp+:lxp9Zj9kiponty9nudT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1680 wrote to memory of 1740	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1740	1680	rundll32.exe	rundll32.exe
PID 1680 wrote to memory of 1740	1680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\SDL2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Oneshot\SDL2.dll,#1
2⤵
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...