23232a1df527b6e23a47634684a3b9f9902f64785ca9d7aa56d8f5c533e6deda | Triage

Analysis

max time kernel
146s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
01/11/2023, 16:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

zPS.sct.dll
Size

2.7MB
MD5

982bafc924010364bd7476194d100274
SHA1

c7b86e8f0120bfcf57eca37a4368c9fec4e74af2
SHA256

23232a1df527b6e23a47634684a3b9f9902f64785ca9d7aa56d8f5c533e6deda
SHA512

018315a239538c9b5dbd145707d6e274d986f2211ad99f3a0bb2e1f07a3f0f040ebe26dd89dbac2041cc9226b8d5d3d759d34bfa978e6d1d9a31d28a740f41ad
SSDEEP

49152:/566l2+45BiNYFrz31Cv3D29kd6kDSZJ6ad4Dz9nkWq3S:/566l2+45UNYFrkvz29kdJDSGamDz9n/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 3484	3176	rundll32.exe	88
PID 3176 wrote to memory of 3484	3176	rundll32.exe	88
PID 3176 wrote to memory of 3484	3176	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\zPS.sct.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\zPS.sct.dll,#1
  2⤵
  PID:3484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads