d72702999c526afaf6f6341889d5a21dd02595c6108e040b8d8f75a03d4c5f5a | Triage

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 17:21

Sharing

Report Analysis Logs

General

Target

$APPDATA/mIRC/bin/dll/in_wm.dll
Size

53KB
MD5

a5522be582e0ac4ce2a00ba9396e0938
SHA1

7992866ae20b2b1e1c511b53b0dee67d77cbda50
SHA256

87983f63cd949f4c2b9b110c30608854bfdb80ac7ec312f5055942777edc74a8
SHA512

35ca8958ab4e78f44b67784184b658761642592cfdad0c3e843bcf725c82113a0cec7bede555b313643c3dd670a421b78c0ac7d7f271312bb97eb37a26b65d77
SSDEEP

1536:tqXsLHxBS7L/lY9CSDksJZEmpZ3mMluIPU+91tJpRFwhrFta:AXso/eFVVh1tzRFAZta

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 688	1708	rundll32.exe	83
PID 1708 wrote to memory of 688	1708	rundll32.exe	83
PID 1708 wrote to memory of 688	1708	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\in_wm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\in_wm.dll,#1
  2⤵
  PID:688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads