67e68d1933e87f680f063203e7e243c33deba2dfdbcd2bb08e9205d3fff26fb8 | Triage

Analysis

max time kernel
137s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 18:51

Sharing

Report Analysis Logs

General

Target

2222-main/OTC.dll
Size

8.7MB
MD5

cbac1eb2d0f808c9a1ace63379888580
SHA1

f502e21059146f8fffba5cd84f5dccd5c8b22677
SHA256

8afbfe7db1165a9c6be977be0d2455d9287ebd9c64688ac0bbcc3e1a9872cff3
SHA512

1d1e3bff24d61b58f9e81d037f6b1a58101bb4c12a6550da0d61486f34978a5744535033e4100ba929e49fe970f92c7c30a385f7398ab30a2e21873b3aa6f715
SSDEEP

196608:touw26TL/vezmj/wvs/9sL1jcOytIsjTIImELIjHBAHH8Vz1pQVN:aL/amIvbR8y08ImELWA8Vzg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2744 wrote to memory of 5024	2744	rundll32.exe	rundll32.exe
PID 2744 wrote to memory of 5024	2744	rundll32.exe	rundll32.exe
PID 2744 wrote to memory of 5024	2744	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2222-main\OTC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2222-main\OTC.dll,#1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:2756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...