5fd5a9dfa514609a2bd6764d04a119a245eaf4b991b0a8db437fd75c80efaf9a | Triage

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 12:44

Sharing

Report Analysis Logs

General

Target

steam_api.dll
Size

174KB
MD5

c2805315736aa466f28980dc752e395a
SHA1

7d85a8a8f04013dfa9e895999ced80d31475c29e
SHA256

5fd5a9dfa514609a2bd6764d04a119a245eaf4b991b0a8db437fd75c80efaf9a
SHA512

516b4c723bdd70d8aea65249aa99bf42571d649a6aa1fe6a011bb12f57e14913deb3d4ae2505a9b10ec89a1d69b6cf191b9cd4e334848a0671856ab3ae745783
SSDEEP

3072:ViXOs4C0tZi8PNybdTPhQpgmTKX+xq37yGqiZNJnmVd1kNQPk8Tx:MXOtPNQdTPyHo5VNJnI/c8Tx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 4340	2500	rundll32.exe	79
PID 2500 wrote to memory of 4340	2500	rundll32.exe	79
PID 2500 wrote to memory of 4340	2500	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\steam_api.dll,#1
  2⤵
  PID:4340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads