cddc7c774570b556d8d391203f8084e97850f3cee8a482a0c36ea74de348da2f | Triage

Analysis

max time kernel
127s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
23-07-2023 22:52

Sharing

Report Analysis Logs

General

Target

languages/en_XM/DasAPI - Copy (2).dll
Size

90KB
MD5

adb76e360f42e839bfb7f84bfdfa104a
SHA1

d5df58d6fc75af7884b261c0d39ab3edf1486db4
SHA256

abf4e9357c97b5bf51a9e1be453264cf72b5440702d085da9b136a5844e548f5
SHA512

c24ee8806357d39d240cc25267a19cb707fc744227d7edd7a7eacaee0a7f0e8d532a10ec3d953b362ac7c906486da8298d76930a85c9711a109bb25ec479b5e4
SSDEEP

1536:JgxGROzXCcUv4C+GV/cI6sWjcdEiYxKN0tbz:JgxkU3K47GV1l5YxKN0tbz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 2764	652	rundll32.exe	70
PID 652 wrote to memory of 2764	652	rundll32.exe	70
PID 652 wrote to memory of 2764	652	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\languages\en_XM\DasAPI - Copy (2).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\languages\en_XM\DasAPI - Copy (2).dll",#1
  2⤵
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads