941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc | Triage

Analysis

max time kernel
450s
max time network
455s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2024 00:08

Sharing

Report Analysis Logs

General

Target

Engine.dll
Size

28.2MB
MD5

8184bd4102014f51e320dd22511e84c6
SHA1

9dd02d7a487b2a6cbed32db5aa48d06b9d337ee2
SHA256

86bcbb2122f14de0e179ea1dd2d71d7d33c42264024db95185a4714e38f7004c
SHA512

68d539f00e48a5dfe90327db2f6e9ef0ce78c93edc19201736dcf7271c9b1c52224f248e4eda6faa14c419f2649649f2b8ca3d8412e4592388d0eb1164394a61
SSDEEP

98304:1YE4+24q9iTEucpUuSoDdpy+hvwtpzzLMtfr6H7btw8csOMDpxLdt0//p2:ot4Y9pUQe+hvwjzzLM4H73u3w

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3388 wrote to memory of 3876	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3876	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3876	3388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Engine.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Engine.dll,#1
  2⤵
  PID:3876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3876-0-0x0000000020000000-0x0000000021C3F000-memory.dmp

Filesize
28.2MB

Download