24af4f1d6eb6ae80037dde0f4d817ba94c4a9221c6b10e0c3225aa33f99640ef | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 01:29

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/hmgan.dll
Size

152KB
MD5

df78bf34d6c36cd545c177c74b2d0fbb
SHA1

e4c99dc0cd39f1ba0550d78935d0ff2f8eb52642
SHA256

d3abdcb8802d664cd5523c44b28e6ca14e6b63f963e5266d301947aa184f3c98
SHA512

ea3437ce4975bf7b43a7d10683e80f5c861934f04a0d7f11cb3a9a4b5e6fcd66f37c8b5b070c6bcfe30a733491c169638d1753071bdac989742906f5638e65fd
SSDEEP

3072:G55r2BMak10f7UwF2Ux+jM+IG/osDyAi:erVq2UGMdGij

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28
PID 1960 wrote to memory of 2000	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hmgan.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hmgan.dll,#1
  2⤵
  PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads