7ccefbdee9b66117595c09fcd8dff4fbfc714e47e43ac03d0839d5e512e6e0a1 | Triage

Analysis

max time kernel
15s
max time network
19s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 12:33

Sharing

Report Analysis Logs

General

Target

axnetdrv.dll
Size

161KB
MD5

ac9f5c2e00d656784cffc434089485d9
SHA1

cbff3623cd83ab2115ba3182d1ee0e6b80d777cd
SHA256

7ccefbdee9b66117595c09fcd8dff4fbfc714e47e43ac03d0839d5e512e6e0a1
SHA512

552ac11a9ecbee4ee4d02f6ebf528cadffd5108f126912d837721ce672392a64f36158697b4f42704e2f413d084a3a8addf827c8d31cef879f45c761ca8d8ba5
SSDEEP

3072:tzmwItkf8KNgsX4WIW+uihMQWlTAl4ptmSX6xHq:tGkplX4WIWxQWlEItmSX4q

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1632	452	rundll32.exe	87
PID 452 wrote to memory of 1632	452	rundll32.exe	87
PID 452 wrote to memory of 1632	452	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\axnetdrv.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\axnetdrv.dll,#1
  2⤵
  PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads