af86006262e394a832aa6d8ee25aa34215fbedda54ccac04da3b5406c772c5cd | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 14:37

Sharing

Report Analysis Logs

General

Target

csgo-x86.dll
Size

2.6MB
MD5

440181709da754c2a1e59cfe76b9e8e5
SHA1

9c5098c3d33ed6a8d3b97fee3fc595bdc9cb83a5
SHA256

b9cbc642685541ce53cd560fc1c40b720731179c918833df02e2ae0b60dfc8c0
SHA512

8934f5b7092e8de5be6d5c481b4f7e761b92037c3d6f7db280d1ec04280a9f97502e4c5920d1a18a94fd246ddec21bc91caa8732aee04e91ff345db016a0b0f6
SSDEEP

49152:b4pB7T/l8HaJY+CheKJfzGWW5Solvhrww:bqB7T98HaAhewzGWW5SqZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28
PID 3024 wrote to memory of 3064	3024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\csgo-x86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\csgo-x86.dll,#1
  2⤵
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads