50fa244bace65606484686c0468c38c07cacf8d51dd4be774e231dc94b63371c | Triage

Analysis

max time kernel
73s
max time network
79s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
10-07-2023 07:13

Sharing

Report Analysis Logs

General

Target

Res/hskin.dll
Size

132KB
MD5

1de37ff829502f5cdeffd86e5ddc5351
SHA1

355f026d6f8c43956b8d326026038bf809f7350d
SHA256

3eef905a3c6b0729f2ec13924dbf51af6b5d72d256a0e8959e7bd929b7e85294
SHA512

78134588efd2003740c3d569d834e9dbfc45df9076bc30d7d8007dd7258f5a6f7db354ce950793e6f93f8a8d90c96cbba938864f759637bb707aa575d6485947
SSDEEP

1536:giS5zJfm6ifXMBNJSZw4SLM5Eauu2jebBmSCmjoJJCWueh0q:g7zmrfXNZ4mpBjjoJJCJeCq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe
PID 2992 wrote to memory of 3052	2992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Res\hskin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Res\hskin.dll,#1
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads