2e1e9fcdf5c97ef55077a8c62ee0b60f614fa76e0fc5c06a7ac8a262ae67b21f | Triage

Resubmissions

01-02-2024 15:37

240201-s2hpvaahdm 10

23-09-2022 05:24

220923-f363lshbel 10

Analysis

max time kernel
593s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 15:37

Sharing

Report Analysis Logs

General

Target

AvastSvcyHA/wsc.dll
Size

52KB
MD5

fd866f6e1b997c31bdb6ba24361663e5
SHA1

fdf4296522e9ad7ed6d2b7a8aa53debb15566c19
SHA256

28875b1d6206e41ddcdbae56c6001915735c08f11f6a77db5a7107a4236afb34
SHA512

05e8aeb4d0f318db1943797f22388cbc43432b8206fc2b2a38505f2cacbcf25b7058015ea5e462d1778f20b3b31e256a1747f7416e26a939e5eb60b8664ad49c
SSDEEP

768:nqAyRlzgT291lvLotX8UoImwKtZ+eiVoKWUkfbZoJBl:nqAyR1gTWPc3mwje3o2oJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1744	1784	rundll32.exe	84
PID 1784 wrote to memory of 1744	1784	rundll32.exe	84
PID 1784 wrote to memory of 1744	1784	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastSvcyHA\wsc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastSvcyHA\wsc.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads