Overview

overview

7

Static

static

7

2006391427...er.chm

windows7-x64

1

2006391427...er.chm

windows10-2004-x64

1

2006391427...nf.exe

windows7-x64

1

2006391427...nf.exe

windows10-2004-x64

1

2006391427...3m.dll

windows7-x64

1

2006391427...3m.dll

windows10-2004-x64

1

2006391427...23.dll

windows7-x64

3

2006391427...23.dll

windows10-2004-x64

3

2006391427...��.url

windows7-x64

1

2006391427...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-04-2024 19:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20063914274000/lib/VISh263m.dll

  • Size

    479KB

  • MD5

    7070ad778adcbe48c66f939f8af9c795

  • SHA1

    3d75bbb56aad2956d82c048317c404ef02fc6c8b

  • SHA256

    a6ca22c37336bcac2590161c819a1d1f8ca43f4eb46e23341489d5e507201316

  • SHA512

    313d8589c4f8f544f3863442def6e52428e8110856cef6c52c605213484765544a2a0ba30775712a7996fa3773a48acd8a713aeb9ae05ae11a9e915e6d30bfe7

  • SSDEEP

    12288:GGcgZIpPM446w4/6xeF4M1rm0WZzjYDYMwfw:bLZS494/6ekVjYDYME

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\20063914274000\lib\VISh263m.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3500
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\20063914274000\lib\VISh263m.dll,#1
      2⤵
        PID:2576

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2576-0-0x0000000010000000-0x0000000010178000-memory.dmp

      Filesize

      1.5MB

      Download