09f37eb85bf7a2cb4c5edc696ff346e8ccb17b4e5bd4e0a23116c12b68edcedc | Triage

Analysis

max time kernel
102s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 16:18

Sharing

Report Analysis Logs

General

Target

usrapimm.dll
Size

156KB
MD5

c4a3a322bc679558dc7f002cd7d780fa
SHA1

4fbabacb98b04b5e39085e91298d71dc7c46fc0b
SHA256

a790acc5c397e6918ff9314051c0de59b3cf4590405aba586a903d4ac0f23d64
SHA512

f5ca533e5fa1b7e2c17d18eff2625ff87c82dd8df0e4fe7b5a81da79359865851e4afae6bd9ed04dae12732cfbc7d89c2ab86791f422f07745b347c4fe1f70f3
SSDEEP

3072:qhhh+XqUiTixztWJ51IR32WMiLuNuP/5CUlQfuAeyV:aEXYewJXy32OyI/VNyV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 4704	4152	rundll32.exe	86
PID 4152 wrote to memory of 4704	4152	rundll32.exe	86
PID 4152 wrote to memory of 4704	4152	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\usrapimm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\usrapimm.dll,#1
  2⤵
  PID:4704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads