6a0664da0332aa8f4428914ba6aff37506fd239776a881e6d24f1cf5b60cbb70 | Triage

Resubmissions

24-09-2023 15:33

230924-szdm4shh59 3

Analysis

max time kernel
133s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2023 15:33

Sharing

Report Analysis Logs

General

Target

libxsse.dll
Size

1.0MB
MD5

b1fd79daec18373aaa488b59dd2c178e
SHA1

ddb20cec5b29e3345c1c2729741093050c34602d
SHA256

49a2c690ce1cd5fc0fa3d09ac36e6afc543a9642da7bce9656f7a63e91b8bf2f
SHA512

80989ba49e75a4608d374029b4202d347b31dee7849c31acb7a85908348b1132d343fa955609cb997046d68cb13b12ded53b5f9372ff86332e60ecf43c175264
SSDEEP

24576:YzygzQi4YEGGmNAKthjtoDwU4t83IjP/3JEFN6a:0VrEGWtSuIr/ZEFN6a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1556 wrote to memory of 4976	1556	rundll32.exe	rundll32.exe
PID 1556 wrote to memory of 4976	1556	rundll32.exe	rundll32.exe
PID 1556 wrote to memory of 4976	1556	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libxsse.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libxsse.dll,#1
2⤵
PID:4976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads