8e86e10a9b3a48604514c4fab81a68afcc48d1cbcf932255afdc8ca85e33c12d | Triage

Analysis

max time kernel
242s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2023 04:26

Sharing

Report Analysis Logs

General

Target

PvZRT_Data/Layer.dll
Size

136KB
MD5

5f7ab4b3ce5c2f35bd2caf55e51115ba
SHA1

6c492fba3c1f92d0a9537a7f574382f2b6b71692
SHA256

6f06ea2607309aecfc35589c5a0f1799dc3cf6627841e3dc56347810e6197dd8
SHA512

eaba9a833dc93ebce22846da5d1c697dce5ce738402b1635dfcdd7e740b8935499d03fe5649ff0773a51290f7dbbd050082d340fab2a96848fff1d18dc53bdec
SSDEEP

3072:sLkEGK6OJm7Y+VvdRTOIXsR6hkCXHip+gbOFkkM/9W0Ol1OtKweNj:akEZ5J8jVvSIcR1Cyp963fj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4712	4796	rundll32.exe	81
PID 4796 wrote to memory of 4712	4796	rundll32.exe	81
PID 4796 wrote to memory of 4712	4796	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\Layer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\Layer.dll,#1
  2⤵
  PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads