ebfc2b62ea889cf96c4eb0b649672c6b713ad163fd5818c2f46a9b5726dd80fb | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 14:46

Sharing

Report Analysis Logs

General

Target

客户端/20201108/libcro.dll
Size

74KB
MD5

eb21f4f06f900c89519ccf17a0ead35b
SHA1

ad30037f31f910ece2ba79fa30e55128d63059e6
SHA256

618e38e0e5ccdefbd4bc4987f60c40f1c2f733c2441ed2026d1530910d7196bd
SHA512

dd58edad7fdd0e8f352805f75bff7bfda1b016f0815b8df68b9947e456b47f140fc470dbf9ec37adc724601c27ca7276ba88bdc62573b44167bcd12c19cc482a
SSDEEP

1536:TW4k95Lkeu4BImLAEgioTc8AJsWjcd53aI/n5K:TWn5IyVGF53nc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe
PID 2368 wrote to memory of 2000	2368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\客户端\20201108\libcro.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\客户端\20201108\libcro.dll,#1
2⤵
PID:2000

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...