Overview

overview

10

Static

static

3

Invoices.lnk

windows7-x64

8

Invoices.lnk

windows10-2004-x64

10

Res/TVPSkin.dll

windows7-x64

3

Res/TVPSkin.dll

windows10-2004-x64

3

Res/hskin.dll

windows7-x64

1

Res/hskin.dll

windows10-2004-x64

1

Res/tvp.exe

windows7-x64

8

Res/tvp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    90s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-07-2023 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Res/hskin.dll

  • Size

    132KB

  • MD5

    1de37ff829502f5cdeffd86e5ddc5351

  • SHA1

    355f026d6f8c43956b8d326026038bf809f7350d

  • SHA256

    3eef905a3c6b0729f2ec13924dbf51af6b5d72d256a0e8959e7bd929b7e85294

  • SHA512

    78134588efd2003740c3d569d834e9dbfc45df9076bc30d7d8007dd7258f5a6f7db354ce950793e6f93f8a8d90c96cbba938864f759637bb707aa575d6485947

  • SSDEEP

    1536:giS5zJfm6ifXMBNJSZw4SLM5Eauu2jebBmSCmjoJJCWueh0q:g7zmrfXNZ4mpBjjoJJCJeCq

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Res\hskin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Res\hskin.dll,#1
      2⤵
        PID:4892

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads