2ba992d4192de17328cad79264ec9f91221d585f2ed094e239ef0bef003517b7 | Triage

Resubmissions

17/04/2023, 18:58

230417-xmtwsahd5w 1

17/04/2023, 14:47

230417-r5yd2aef58 3

Analysis

max time kernel
46s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2023, 14:47

Sharing

Report Analysis Logs

General

Target

theZoo-master/imports/_rlsetup.dll
Size

10KB
MD5

ee960471f46f1f9c3251723a9dcbe0f2
SHA1

5047b4ac6ae0d5db8de15ac1df9cc142464c3232
SHA256

69c6fdf358e370356e242eceb9f8f021703b5472b9efc5832ee12396b4a48bc3
SHA512

fcc52c5ec1c7ab210c2814897b10f06f362d12979583076ca717ee7c618b00d3ab27694b9b05b9c6a26f2445fa09b196fbc5cc6abb96b740048bf1c80e123811
SSDEEP

96:PfS/8nHaM2zE2YbTv5bVeODTj3G3ykNhc7+PO/cc94cl/Xu:nH52+r5PDTqy2Kcc94c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 5112	4584	rundll32.exe	79
PID 4584 wrote to memory of 5112	4584	rundll32.exe	79
PID 4584 wrote to memory of 5112	4584	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\theZoo-master\imports\_rlsetup.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\theZoo-master\imports\_rlsetup.dll,#1
  2⤵
  PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads