f366d535c63702f7412cfe4ec1c63edc3dd86c44f2d42ce9e6cfd63cec78d930 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
14-11-2023 11:44

Sharing

Report Analysis Logs

General

Target

WCUtil.dll
Size

180KB
MD5

c96b50cd072d1d1a556051adce915c73
SHA1

84d7c53e64c9b3c900f78d0749196f5c61c78e25
SHA256

f366d535c63702f7412cfe4ec1c63edc3dd86c44f2d42ce9e6cfd63cec78d930
SHA512

a1d4ba93d8963b6c7c758eeb97184828d484e48c9ee7c422050cda98d4d61474985e93e50d67a99dbc5d7a715a1b30a1cda7fbb7a14328da4bed9e4d3f203cf8
SSDEEP

3072:I74+blpt+wsxMl1NqAc5iSttkClpelrlL3bVaKoXAxOPYe:I74elpowsxizqyStZlpel5jyAxOPF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28
PID 2440 wrote to memory of 2572	2440	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WCUtil.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WCUtil.dll,#1
  2⤵
  PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads