902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96 | Triage

Analysis

max time kernel
456s
max time network
458s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01-04-2024 09:35

Sharing

Report Analysis Logs

General

Target

Plugin/ch.dll
Size

45KB
MD5

2fe4b9dbd31f83faa7aa1c692ba4d3a2
SHA1

1b3c03e29302a0f07acb4af306a7ad42ea4827dd
SHA256

3c088df7119c494e3df95af42456225f4dab1c3abe003869f8c79afb0993b027
SHA512

cd169dc1d2d5cf0f538334b8ac31817ea1a4e2c8c0faca6a715c63eb4aa464e8aaa4f6b10fe030f46a37ab18a1cd6fe099c662c727e107cb87ada1a8218bc5fb
SSDEEP

768:FjTkCC7kDA87eqVlviNDkpI/pDwxRcNDRQt40BthZWMaGOQKgB22T:dkCC7kDA87eqVlviNo2hkxmRRQthBt3O

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4632 wrote to memory of 4844	4632	rundll32.exe	rundll32.exe
PID 4632 wrote to memory of 4844	4632	rundll32.exe	rundll32.exe
PID 4632 wrote to memory of 4844	4632	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugin\ch.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4632

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugin\ch.dll,#1
2⤵
PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...