2ceffa0991f3d9f9a50e7eba2c5e939be6a0e8cf6a7ee7bb0c2b16ae2f7c3ca9 | Triage

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 14:27

Sharing

Report Analysis Logs

General

Target

JcmProfiler.dll
Size

587KB
MD5

9847acf575a7e04831bd98cd4d6e448e
SHA1

5838a3a97050297a9aaaaff03ca4424f3baca25a
SHA256

5f66855137cbbe62c49e16285bee3b9286d60f69418f3374cdbf23f0991af3e8
SHA512

d1c5bd81a2d072bf22c93d89a15b142649d9fcc67114fd200a67313f3f08951e93e6c55b3413ab913767b7438416628448f54ef8c1b973f3a8bccb75e34936c3
SSDEEP

12288:2jJaNOMB/tMQn8JxXwQmv/NctX5jQki7Zi2sbRWl9lXFbrvz:SaNLBHeJwQmtc8Zi2sbkl1brz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28
PID 2504 wrote to memory of 2616	2504	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JcmProfiler.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JcmProfiler.dll,#1
  2⤵
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads