9896728773929d7dc5811d412afc65beee94151e5d0769c7e7a3fba23e7d774c | Triage

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:41

Sharing

Report Analysis Logs

General

Target

gnsdk_musicid.dll
Size

214KB
MD5

af73dd7fa42f5c2a207b10eb023ca119
SHA1

775160d13b370345ca7722ecb2a8b0c7abca8cc2
SHA256

2cf99b6d79ffbe93280b79d37cbb4c0aa2f2ef5b04e6ad7a92deeca2019d4709
SHA512

b1b8f0b2925c80dbae43ee7d31eb89939f477cc81827ed6ce1a4accc4d6bfe198026198568dce9faa1a487f986809b297aa76da0480f82318688c03fc1a71de8
SSDEEP

6144:glnx9Uehp5z5W5lxLNsgKAF0zSzTBUioK:iPrdFGxLNsT9s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17
PID 2900 wrote to memory of 2092	2900	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\gnsdk_musicid.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\gnsdk_musicid.dll,#1
  2⤵
  PID:2092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads