62b74a688d22bfdf20f673a351580029d7b9de67c6facc9a5613b22b3f798968 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/07/2023, 16:50

Sharing

Report Analysis Logs

General

Target

zh-Hant/Shadowsocks.resources.dll
Size

4KB
MD5

d32ed24c2ff0629f1b08c75a03ca7efc
SHA1

d0da6b0cff90b6d406e32db2a0d624d6cdcd1d5d
SHA256

69e04655a5219353675256ee279c9731fca214405eae0d879d3186638594859b
SHA512

303634bc1988bbf633eb208abfeb7735336548ff4e11ff7db41cddc1ecfbd36e18fe27934cda58b038304bd6918ff9045d645aeb4607eb81486e60e88fdbb653
SSDEEP

96:YNoemCykJhM6tA+9T+Pc/PyaGNFZ2ocKlPOqSysf:AoemnkNFG7ZEKn8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28
PID 2256 wrote to memory of 2980	2256	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zh-Hant\Shadowsocks.resources.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\zh-Hant\Shadowsocks.resources.dll,#1
  2⤵
  PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads