0e85fff36288dfd1b99a9c7c83fddb7d9e7ba640bf8636a73f2e880ea9f2892f | Triage

Resubmissions

04/04/2024, 18:59

240404-xnj3zafd5y 3

04/04/2024, 18:58

240404-xmyjzafd4t 3

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 18:59

Sharing

Report Analysis Logs

General

Target

unicows.dll
Size

240KB
MD5

006401678cfbccbcb97e405e2f83d2fa
SHA1

0976db1b5b9aa69e77fa25c35c8189e3ef851ffc
SHA256

a491c11f667fda3fb3311f6221bca15e4da159df4c12f7a7a0cfbf99f2b7c60b
SHA512

ef24dd6c6781c843a9730622f44d260e8db4fc365726aa918805d336c1f25659cf43df7400efd4307da3cca54c2e9c4f4cfbf3c10d974d37a4033c9624cc8d92
SSDEEP

6144:3+zSDvZB9bZQ+tbAOgQm3uldxnE5x/htk+gq:jD4OgQm+plq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28
PID 2208 wrote to memory of 1280	2208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\unicows.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\unicows.dll,#1
  2⤵
  PID:1280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1280-0-0x00000000003B0000-0x00000000003EE000-memory.dmp

Filesize
248KB

Download