b782dbd696f87d28831fb8dab4efc6d3779e04ceb305c235acd59bf076116cd5 | Triage

Analysis

max time kernel
246s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 10:07

Sharing

Report Analysis Logs

General

Target

OpenAL32.dll
Size

616KB
MD5

e470a54ed520301dedec87c9db7539e3
SHA1

fe7fbb11d731e1ea67fe38cee3436b0dcbc240df
SHA256

49f0b67af1341f69cec41940529c0ef551420282f471f0f869f89cc4ab6357c7
SHA512

522448047c564a91734bafa3629ff6ab2697a560927016f522397a1431a1e735c09c1ad6a360fab2266fae063f05087f073ec6a0fddadafc20ebd5c7712bbc20
SSDEEP

12288:PsmFzEdFKWRcDGqZagU7YLvAmvUCyc54j/XPlJtsMPsj+e:PXzKKjAGAuUxj/9JtsMC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 552	3976	rundll32.exe	83
PID 3976 wrote to memory of 552	3976	rundll32.exe	83
PID 3976 wrote to memory of 552	3976	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\OpenAL32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\OpenAL32.dll,#1
  2⤵
  PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads