8e86e10a9b3a48604514c4fab81a68afcc48d1cbcf932255afdc8ca85e33c12d | Triage

Analysis

max time kernel
221s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2023, 04:26

Sharing

Report Analysis Logs

General

Target

PvZRT_Data/kcclock.dll
Size

106KB
MD5

52d17266a014b5da9552a13d7594786b
SHA1

c1acdf4fcc9d5b985a8030a0cc3b6c6679e80a67
SHA256

d79eb00cd7822b836f4a7522c0a2acd08ab9955c3ee625a90ed8e8a177eab2ab
SHA512

149fda83701323ce52777a350fb844794d61aa4adea4b7e41910af4444c507bb0dd3134f996c42789b84edb75459e4e8c500fe6ebb467f55007a24fa0cf7e5ca
SSDEEP

1536:lt2RuYI/PdCCy01MQEjTRn7yP0C3NsWGcdJBazR1BpWWu:v1Qt80wHJBazR1eWu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 3668	464	rundll32.exe	81
PID 464 wrote to memory of 3668	464	rundll32.exe	81
PID 464 wrote to memory of 3668	464	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\kcclock.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PvZRT_Data\kcclock.dll,#1
  2⤵
  PID:3668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads