feb77740eb6d9683514987b51d8d4148f3521d2971525aff05516bc181db917f | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
03/11/2023, 02:53

Sharing

Report Analysis Logs

General

Target

Glk.dll
Size

1.3MB
MD5

1a7468129ec6f1308759d85aea13349b
SHA1

c7ed7233129af7c80b07b12594854e3a9bee1a89
SHA256

f479860d8ca90eb8ba7f9f5c395f990cdd84e65639900717d4557304208a8ba6
SHA512

4210f96e7a9e9e57d8f0f181cf279d54bbec4634489a89c1e32b945aae045f51e224b7174249a641cd26bf94fb0f48166a4b328e11a946d09343dbf2011dbf86
SSDEEP

24576:dR8UM4rxw5bYQ5UjRr1/8zTHpYlPJ+spxePaNsotyVeHqEPES5TBId2y7:dR8UM4r+CQ5g1/2YlZKPyYVeHdp5TGt7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27
PID 2480 wrote to memory of 1496	2480	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Glk.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Glk.dll,#1
  2⤵
  PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads