50a16d5e07f5877c21f7a924941bd042211fd2cd869a0d7b69b1c7e1b13c66e8 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 09:41

Sharing

Report Analysis Logs

General

Target

OmegaX/OmegaBytecode.dll
Size

4.6MB
MD5

953eaef790a4ba5c6cf5b8c3ba09cb63
SHA1

923321815d9857099bea2cb6182e7da94babe96d
SHA256

c5e11cc52e3acf5f43aff47a7fc3b8f46b82d3c616262dd28591d64360b37243
SHA512

6cfa277ea18bacdbcf34d9313f3faa68ac13e5d4809ce6a8022be752b535d0ca3380eeb849b50644e26814f0f64a4cd20881bffdb5042900e68fa8f220aa78d5
SSDEEP

98304:8aj947EmXkli1R4029by0Z6e7bH3ZHgtULdmVVIWhdk8W:H9BHi1Rg9W0Z6eXHpHgtUlWC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28
PID 948 wrote to memory of 2244	948	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OmegaX\OmegaBytecode.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\OmegaX\OmegaBytecode.dll,#1
  2⤵
  PID:2244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads