c5958711c87358d92b505eda53dd9f167ac6dcbc0e509b34cbf1c69e2768f46e | Triage

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2023, 12:50

Sharing

Report Analysis Logs

General

Target

Setup_Loader v2.1/ImagingEngine.dll
Size

1.9MB
MD5

5da33d4abee44484f9579ff1a5212ba2
SHA1

7ef1eec3d446c23f000b42ce6645fb1dff923144
SHA256

3beb32ef72972bb78f4a00a7a2bd0ee2da457307bec852f96bb1763b0f8993f5
SHA512

b9d14e2f532b537d6587096eaee3afadc6233401c816686c72965cdec7acf506c90a41a1c7180cc999d54d55d97f7caeecad7fc4fc820c3f287b340a8b4c4fca
SSDEEP

49152:d4MI7zYmUDW0PxIKw5anPoSAd6TOaD+yqla3:OpzmDW0P3w5h7d66aka3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 1356	2384	rundll32.exe	84
PID 2384 wrote to memory of 1356	2384	rundll32.exe	84
PID 2384 wrote to memory of 1356	2384	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\ImagingEngine.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\ImagingEngine.dll",#1
  2⤵
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads