d16dddc1e9ad69c5ef67afd93eb801c74ca5b95ec8b46741786c8c8ec47b1b1d | Triage

Resubmissions

28/08/2024, 05:45

240828-gfzwfsyfpl 10

11/03/2024, 16:38

240311-t5j8hsfe8v 10

11/03/2024, 16:32

240311-t11dyabd98 10

Analysis

max time kernel
144s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11/03/2024, 16:38

Sharing

Report Analysis Logs

General

Target

ProcMon.dll
Size

32KB
MD5

894745b78819bfe885a068b5412dd192
SHA1

75d24b9c7bee65f2b088f58f4e422c744f7eeeba
SHA256

acb1ceb5a01227cb6506c30c5693387441be1c3af0e69eae3d07092075c995a8
SHA512

3a8f311dad8abeb772531779592df96a18d1e5cfd643692e3b2485f5fbf381f91406ab12e121e8bdb2867b1a7d5b59a86e5e73e34d3a0ef792069fdac2a30a12
SSDEEP

384:vQHejeETXLLxJ507mlvZysfqy7XJxo99p4jB+k/:TjeETXvR0WRi8XJxo99p4jB+

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4564	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 4564	1480	rundll32.exe	80
PID 1480 wrote to memory of 4564	1480	rundll32.exe	80
PID 1480 wrote to memory of 4564	1480	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ProcMon.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ProcMon.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads