02cb95700440b100604ece78649b2ef41b2b7ea8ff68afbb02a01148a3f7c106 | Triage

Analysis

max time kernel
128s
max time network
136s
platform
windows10-1703_x64
resource
win10-20231025-en
resource tags

arch:x64arch:x86image:win10-20231025-enlocale:en-usos:windows10-1703-x64system
submitted
19-11-2023 02:54

Sharing

Report Analysis Logs

General

Target

901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll
Size

41KB
MD5

901fa02ffd43de5b2d7c8c6b8c2f6a43
SHA1

8bb71adf1c418061510c40240852c3cd61fb214c
SHA256

3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679
SHA512

6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab
SSDEEP

768:fQ+il+psGX0QEohGEVZ/E2G7k14rQMRkoIQ:fxiYVjE4VZ/ZWRkoI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1456 wrote to memory of 4852	1456	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 4852	1456	rundll32.exe	rundll32.exe
PID 1456 wrote to memory of 4852	1456	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
  2⤵
  PID:4852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4852-0-0x0000000000A50000-0x0000000000A63000-memory.dmp

Filesize
76KB

Download
memory/4852-1-0x0000000000A50000-0x0000000000A63000-memory.dmp

Filesize
76KB

Download