902576f7f90174513a45bc82796b82c9264a57c82c0c72b7c9bf11e7da6bba96 | Triage

Analysis

max time kernel
446s
max time network
450s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01-04-2024 09:35

Sharing

Report Analysis Logs

General

Target

Plugin/pw.dll
Size

284KB
MD5

ac43720c43dcf90b2d57d746464ad574
SHA1

eae39df1c717ca74f6f04d5ca8478ea55145535a
SHA256

ca6367d1ab873a55ced13d7024c530bbe4a6a703813225233e59041c7ce14eaa
SHA512

9082b3cd8b36031256923c8f2bed628e9331129bbf09d111d9d02268a49e493248e5638ddee5b02da66e9159a608f8f26499ca0f736d6a369a30f71950c60d40
SSDEEP

6144:QxY714e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO:7ZxJ/JmSG9T8CEgdM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1080 wrote to memory of 788	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 788	1080	rundll32.exe	rundll32.exe
PID 1080 wrote to memory of 788	1080	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugin\pw.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1080

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugin\pw.dll,#1
2⤵
PID:788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...