33b1cc24f787e0879be88253b5c445f9d4f9b0d8d678049dbf78fcdb94b65fe7 | Triage

Analysis

max time kernel
102s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 14:17

Sharing

Report Analysis Logs

General

Target

Tool_1CD_2016v030_edit_mode/icuuc46.dll
Size

969KB
MD5

48d65d0d02401f35b15ea141bebbf55f
SHA1

a7243dfa64e0001660b7e31b9d61f1d951991026
SHA256

5bc08da3673477e0b4de04663ac2e627ced758dfc2f1626e59445d23d433e40b
SHA512

b0293c33e8ecf1c89bb6b153ed61dd7a2ef3396d5c2a52ff6f08c9b6e6993959b0c1a6bb5fd7e04df8bdc541b434664457c375bc62861f0e5e10fb807fda0b0b
SSDEEP

24576:Oj7DTkG4pHNCRpizwCiFHbg53lINRtV7GZ11k:O85DepiL5evH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2312 wrote to memory of 3196	2312	rundll32.exe	89
PID 2312 wrote to memory of 3196	2312	rundll32.exe	89
PID 2312 wrote to memory of 3196	2312	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Tool_1CD_2016v030_edit_mode\icuuc46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Tool_1CD_2016v030_edit_mode\icuuc46.dll,#1
  2⤵
  PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads