9ccf48915c9079c4ea8c4cfa812289c23a0b16ff5472aed19baec4d79435d37f | Triage

Analysis

max time kernel
51s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2023 15:00

Sharing

Report Analysis Logs

General

Target

weave.dll
Size

7.8MB
MD5

6f3874c666a2b2de623a5d1604c45e53
SHA1

8ecc5386c6b36facf532779b78201cd8ab3ec643
SHA256

9ccf48915c9079c4ea8c4cfa812289c23a0b16ff5472aed19baec4d79435d37f
SHA512

87a2a8f0ad915c6aa90413aa554c190b811bd66484e71d1b00fa5bef109cacfb5e021247de0c1d7625e1401c496007b9e3400156c5d076eb3b7213735969cbc4
SSDEEP

196608:eLJcIdC8tgh3r+ffJg6bcQXdMmK9P/sd21iYMbGj:eLSIriTdQdMp9PkAiY+Gj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 1304	4500	rundll32.exe	85
PID 4500 wrote to memory of 1304	4500	rundll32.exe	85
PID 4500 wrote to memory of 1304	4500	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\weave.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\weave.dll,#1
  2⤵
  PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads