5cac67bcaf0d3f58cda64798cae880edf99d367625568bfbd302b2dc3b076f35 | Triage

Analysis

max time kernel
179s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

swing.dll
Size

159KB
MD5

fcba030ee6d4b80a513ff8a19289371a
SHA1

0e4a4d017203eb98c9221c937d03d25896552ae4
SHA256

f4977568def317f4ec22b88b545ddaa3a74f901a5708d6e1b7fd6fbd889a1759
SHA512

ad40c94c8d70c0740e0848a72fee95de6084c87b7cca5d949ee5e3daedb4b49aa53cec0d73f4143cd41d9598fba7ada639f4f09e5e135e294ac879a0fe3ba619
SSDEEP

3072:fpF5+KdYQegN3R2A7nQGOQq9d92CfDtjedHQHQVuop17R2gW/hJoU31:fprjqcN3RNU/3ftSdmtot2rvoU31

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4184-0-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4184-1-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4184-3-0x0000000000400000-0x000000000046A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 4184	376	rundll32.exe	90
PID 376 wrote to memory of 4184	376	rundll32.exe	90
PID 376 wrote to memory of 4184	376	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swing.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\swing.dll,#1
  2⤵
  PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4184-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4184-1-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4184-2-0x0000000001340000-0x0000000001341000-memory.dmp

Filesize
4KB

Download
memory/4184-3-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download