afcf68a07d69614a211f2815e17fb252af56b43f3c4b4e648e5d1fb24309a0b9 | Triage

Analysis

max time kernel
91s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

camerarecord/零度摄像头录像软件/LPK.dll
Size

16KB
MD5

d879ecc9e7bd4557cc198cad6a51d373
SHA1

bd71189f06e5177d06c5f24f75f2aea99aa83b83
SHA256

cdae6332bac800ccb672c04301ddf746e23e1eca10ccac755e8fa886b2a8c822
SHA512

6e6ea49c02748ba6d2c2f87cc00ffa9398da76e9e49f73ae7608216ad5721389134f27a8b7c1136d32c47d43b75857b2a18b0ad9fc87ea92ba29a7bbdd2a650a
SSDEEP

384:h9jaKnHbwFa8uuHl+EumC0RKhfSAToGmDi:h9jaKnHsE8uUkEuzPhfSAkjm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral4/memory/2704-0-0x0000000062C20000-0x0000000062C3D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 2704	3704	rundll32.exe	86
PID 3704 wrote to memory of 2704	3704	rundll32.exe	86
PID 3704 wrote to memory of 2704	3704	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\camerarecord\零度摄像头录像软件\LPK.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\camerarecord\零度摄像头录像软件\LPK.dll,#1
  2⤵
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2704-0-0x0000000062C20000-0x0000000062C3D000-memory.dmp

Filesize
116KB

Download