8398f9158dd22bfb3d847b38495a2720a73d83df4dc8c332837c97282cf56b98 | Triage

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 16:42

Sharing

Report Analysis Logs

General

Target

scripts/zBeam.dll
Size

7KB
MD5

6585ea55b2219f4bfa66c32eca802658
SHA1

350340ea930db8a811bbc21deb1dc9e5f014b921
SHA256

e8afbc1657d2df978953ad7e11e173e4e381abd94e244f4b98f3f21d6b2d26fd
SHA512

e321b6f83e78ad6fa4ec2a0d5c717cadefdbd693580e38126fabd34e4f6aee4070ca7b20894d06802157ca007efb3b6b9bb038f5a33c5dde01e0f4ad6b2b358a
SSDEEP

96:t/MDxu83zk3Uf9Cv2cIoZq8yR9+7wV3BAMpE7ZmceWzh6XYDbs7:t/Ax3YkFCv2Mc8yRjBHKtPjbs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 4356	888	rundll32.exe	85
PID 888 wrote to memory of 4356	888	rundll32.exe	85
PID 888 wrote to memory of 4356	888	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\scripts\zBeam.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\scripts\zBeam.dll,#1
  2⤵
  PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads