5152b30af7bb2c813d69cc0c327d26dfb3358476b3ea5aa01b086796a4c9ee4f | Triage

Analysis

max time kernel
434s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 00:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

wapxnetdvs.dll
Size

355KB
MD5

910446b6ae0617215cfd2f126d980f9b
SHA1

7930bd1bfef04462cc4324639f5bb3da3d450c7a
SHA256

b73b2a98f90b76ff2fa65fefda07b469a1fa775e1e3c057eabd3e76a1153704f
SHA512

1f9e4f368cf35905ea51c9b9edce6891d8eb84b409b86822c4384d9beb87ad743e7ca41fbf8036ed3570fa38c86b0e6bcbbded115414b554f7950c5d4b62e4a2
SSDEEP

6144:NlrorCxKGlEnCCOKsGyq/iaGfV35Kesw6j/mPxSe5c8CKrPot0i:NlErsKpQIyqKrEj/MxSe5c8CKrPot

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 3616	4456	rundll32.exe	89
PID 4456 wrote to memory of 3616	4456	rundll32.exe	89
PID 4456 wrote to memory of 3616	4456	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wapxnetdvs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wapxnetdvs.dll,#1
  2⤵
  PID:3616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads