609cccd44a03bfd93cef765de354cdb2d3b847d90bc4dca0116ace0b1cfb1bc7 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 16:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HRSword x64/usysdiag.dll
Size

538KB
MD5

4adbb6a238ae5c154a8a14c01bd49104
SHA1

63aa1c8255ef6ab21c9b3d74b6eb14dddb662d35
SHA256

53d2cce1f2ab57a3b59ea2559015adeeecd00f80b6103a6ed0fccb19bbdfab77
SHA512

7f02a85ff3be10ad6b24f5105cb08e8b98f25f1fcd30f1148f792f0ea4cd40eb9e29ed8cb2424b43be09cf5f9e51d71a913f25969d69886a41128d18997582a3
SSDEEP

12288:5mjNXQNJdULEfwS5i+hQ9pCzTwKhdmnm28yadCKFW:cCqLQ5hxsnm2CdHFW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28
PID 1992 wrote to memory of 1800	1992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\HRSword x64\usysdiag.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\HRSword x64\usysdiag.dll",#1
  2⤵
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads