8272912ee1bf16a05192042253c37356e5944c0e26795772a14c606565ca58b6 | Triage

Analysis

max time kernel
185s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 09:05

Sharing

Report Analysis Logs

General

Target

YY5331过非法VE/DAHook.dll
Size

545KB
MD5

b5507db70f7d8b5f132e096176fa6619
SHA1

825b044b255d22daaaff5a19ceb7df49b2037f2e
SHA256

0a125b856b1c850e60a7ca98700205b5beb2bade887bf27ba43664d8f90dbcd8
SHA512

6445fe09d6d491f916d2b52c395edc89d67de42bc21cea8bcb538681c51a59fa4f8bbac3e00b8663dbc6043f7dfe0d06277d8f5a14685906a70db157de7b74e6
SSDEEP

12288:P98NrWTrzHhmw+l2dwiAcp3vgHmThT6YsFi9OT:P2qTxmw+IdhAchgHma9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 2952	3616	rundll32.exe	89
PID 3616 wrote to memory of 2952	3616	rundll32.exe	89
PID 3616 wrote to memory of 2952	3616	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YY5331过非法VE\DAHook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\YY5331过非法VE\DAHook.dll,#1
  2⤵
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-0-0x00000000008A0000-0x0000000000933000-memory.dmp

Filesize
588KB

Download
memory/2952-1-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download