42cd003d51ecbce1731e918f8e46decce104c22d65a2473206117c9067b0996c | Triage

Analysis

max time kernel
61s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20231130-es
resource tags

arch:x64arch:x86image:win10v2004-20231130-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
06-12-2023 23:55

Sharing

Report Analysis Logs

General

Target

msvcr80.dll
Size

617KB
MD5

1169436ee42f860c7db37a4692b38f0e
SHA1

4ccd15bf2c1b1d541ac883b0f42497e8ced6a5a3
SHA256

9382aaed2db19cd75a70e38964f06c63f19f63c9dfb5a33b0c2d445bb41b6e46
SHA512

e06064eb95a2ab9c3343672072f5b3f5983fc8ea9e5c92f79e50ba2e259d6d5fa8ed97170dea6d0d032ea6c01e074eefaab850d28965c7522fb7e03d9c65eae0
SSDEEP

12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1920 wrote to memory of 4612	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 4612	1920	rundll32.exe	rundll32.exe
PID 1920 wrote to memory of 4612	1920	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcr80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcr80.dll,#1
2⤵
PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...