f9de69f500316f89884b9809943388ea1c7bab6e9164316f9e880e4bbc2fa469 | Triage

Analysis

max time kernel
133s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 14:33

Sharing

Report Analysis Logs

General

Target

MiniUpdate/Xor.dll
Size

3.2MB
MD5

670606f82f9397e194792a27ed81b5be
SHA1

295e7775d033ccf053de835b1be0c98c558b6e0f
SHA256

09b0941f68fa3c66ef1acdf31c008cc163ec1f8c0dd16fae27f33b1223636b87
SHA512

d8878d0dc5e52c785a8a2df8ab4802e3e11ee440364e650404eb809e942219f52bb02303a9d40c250531f18a3bf78dbf8731a7bcea3b85dbcff614a4fb3c76bf
SSDEEP

49152:NNTM2u7uusjldYuNEGp5fHMGHnN1RdCWz:euplEIHHN1nC8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1228 wrote to memory of 3736	1228	rundll32.exe	89
PID 1228 wrote to memory of 3736	1228	rundll32.exe	89
PID 1228 wrote to memory of 3736	1228	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniUpdate\Xor.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MiniUpdate\Xor.dll,#1
  2⤵
  PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads