963ed0909e317cbef3063bb417ecab92d3b95c4577409f1745cf5f81cffee318 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 10:14

Sharing

Report Analysis Logs

General

Target

SScanner.dll
Size

109KB
MD5

674675acce75b610f66c7d5a6f2d8418
SHA1

75f85a887dbfff5ad150a9d6f20c49addc04e923
SHA256

1f3a30f4b7fe4e20bbdaa34690f4d9914d3bde2e4ec74ec8c59f06f822685082
SHA512

317019ed9b021db127b5f5eeb1d13ddf3781205bda9675c516e6622765226372ea1ff61c56a4d8864d74cc7ea7487e41ef6803566c19f022f0a9c7084a4a5751
SSDEEP

3072:HdnKdjuUEwZ543pE7WQ15hMDpELOzboLZGFxavftx8ng:9nKdjrEwZ543pEqq56e/Mavftxx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28
PID 2372 wrote to memory of 2232	2372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SScanner.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SScanner.dll,#1
  2⤵
  PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-1-0x0000000010000000-0x000000001024B000-memory.dmp

Filesize
2.3MB

Download
memory/2232-0-0x0000000010000000-0x000000001024B000-memory.dmp

Filesize
2.3MB

Download