3fe1f468e3ba9b4adb193fc391cbecede89148cf711c1481644f82d9d36afc56 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 08:56

Sharing

Report Analysis Logs

General

Target

kcheck2.dll
Size

30KB
MD5

3b1ffbe4744eefcaa7285eb4e700dca2
SHA1

6319e6863a3c980d94818daa1040f93e3e1be8d8
SHA256

fcff934d640972756710d86d55df19449dc90c58563e053d5b42ab4ac8dd30f0
SHA512

6d034b95f1324a51ccf5ad8145ebf79857c5d4a953e7ccfcf98fe7fc0adb11a1747205c14779df4051988dd0168a8bdf864eb511f6e3a349831af25fffdb0129
SSDEEP

192:ZuBd9yGkN2j9RhAEvryowJL/KxO4SLvYihx3aQe0HG0:G97Yi9R6yrYJLiOLLvYiDm0m0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28
PID 2896 wrote to memory of 2208	2896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\kcheck2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\kcheck2.dll,#1
  2⤵
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads