fec4a1e000d4ed061e825fb3f6f555f1341ba99a03c04ed9f819d8635c04465b | Triage

Analysis

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2023, 03:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Hack Launcher/hack.dll
Size

135KB
MD5

acb20911248011efec85b6a86a63f76a
SHA1

e8fb7ea1b5d6ef8dfd3a637456909b0a72008825
SHA256

4d725b105705260065093273cc93b5db7f57afbe05140125fba0856fc46ec1b9
SHA512

a4f2b9b502f481ba6a559f896a232521bc111c1d24d4307b5f96edb98cb108f7ef490bca1d2ea60654aec58a4dc9edda1b3645baa99eb08a9997842f1b7c5098
SSDEEP

3072:Zms85B/6AXcctyvm6MAjUN+nmpLyG1GPA:C5V9M3MA4QmNyGwo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4344	3040	rundll32.exe	85
PID 3040 wrote to memory of 4344	3040	rundll32.exe	85
PID 3040 wrote to memory of 4344	3040	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\hack.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hack Launcher\hack.dll",#1
  2⤵
  PID:4344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads