6a85a68cbbce8aedb5c6588f85d41184c8993315907aa648bfae25d31648198a | Triage

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:40

Sharing

Report Analysis Logs

General

Target

酷客精灵/EncLib.dll
Size

91KB
MD5

8f4355a31c0a724663888450b3d752f6
SHA1

6d6d2841570cc8fb0fba88dafa0e69e07587e45f
SHA256

7696579f839d06d8fc315dc025c85b17fbb21e3d7e01fc9cb0ec8358f50b0755
SHA512

1f395b5f66e13be358370410d7eae87eb296b16092736ed2ba1d85e721ac6a0259fbc4012a8d6791759e7ef6df4727d7bb99ced64467c03237aa154fe4987bec
SSDEEP

1536:+wA24bPzzVBjTCpFex6qO9MEhGpD4X1n1BOpBlI89B25fWPr+Oeu+Oei19k:+wA24DAjhGpD4X1nje9k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2800	1244	rundll32.exe	20
PID 1244 wrote to memory of 2800	1244	rundll32.exe	20
PID 1244 wrote to memory of 2800	1244	rundll32.exe	20

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\酷客精灵\EncLib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\酷客精灵\EncLib.dll,#1
  2⤵
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2800-0-0x00000000005C0000-0x00000000005E1000-memory.dmp

Filesize
132KB

Download