6c611841f8150bff3266e0421a14b57c28c8767974adbd7e056db54162184934 | Triage

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
31-08-2023 20:47

Sharing

Report Analysis Logs

General

Target

tpkproxy.dll
Size

224KB
MD5

866c5d32df645cc5d0eab0830eab08f9
SHA1

b9e2713159f45740f5b5778830c23c4ad25b107d
SHA256

96ec5939e6629b2275fe3c048c8ef3c25fd78702196ceb8c29e9a6e2a85cf7db
SHA512

561b4edb3fe7af1e1dcae08b90e24a45f8ee1498021cc71cb21865bfd21b78460f0c8523c4acd058079610974cd71bf1dcb2f90b2ff19bb1b743cc9be2b625ba
SSDEEP

6144:j8FxsIxazUNxtp+k/rgUACLA4TBZS1bYQ9jOgjuG:jQxVb+k/rbA4TLS1n2G

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28
PID 2200 wrote to memory of 2252	2200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tpkproxy.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\tpkproxy.dll,#1
  2⤵
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads