deaae98e0ece30558ec4187e0a0ebca1488df4d2765c76bd00e70abe1af43ec6 | Triage

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 21:31

Sharing

Report Analysis Logs

General

Target

sm/wbxtrace.dll
Size

103KB
MD5

c2b06a78b6c07a1371b6aed1dbf4fc37
SHA1

b8847693e7cd3637b1b400e71430cdf629de2e64
SHA256

9e2b2d67d0e70651a64a3febee9f2698d8a939633587fe973a30758368cffc04
SHA512

219965e4b3e9f237f75d9306bdf5a08c872cded973009da64c58221e1bbdbfda35e4861c4c0b6687fca7c67ef496b307695af5e1270f8d5c3cf71a3fc02c6411
SSDEEP

1536:HAIwJ6LSNBZVrzq8HpWt6/wwmSM4QnToIf2TuU/huhAmJ8dDUfH:HnSNBHUt6/wSM4kTBf2iU/huhFJwM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2560	2092	rundll32.exe	89
PID 2092 wrote to memory of 2560	2092	rundll32.exe	89
PID 2092 wrote to memory of 2560	2092	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sm\wbxtrace.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sm\wbxtrace.dll,#1
  2⤵
  PID:2560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads