16e82bd509cf326cc7b3239459f80196bdde1fb15cad21e03e48189e4e73f857 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 16:08

Sharing

Report Analysis Logs

General

Target

taobao_qunfa_5.70/commobj.dll
Size

92KB
MD5

17ee210d342fb2bd8dcf38a5bb639583
SHA1

81fdc8d3c3a8ff11ab9e395959e1f614177330c7
SHA256

4a472cad276f162910b1293c3a661a0c88c9ddb50986342153f00506623e7443
SHA512

833f0d1a9d9377e3eb0642062f34204eb1fa32cba54396e789fca5ad4bc4c0ff4de177a2a021a4cd4f8dc6d6a5e16c33e9d393c0f299f7489397aeefc8328831
SSDEEP

1536:pq8xoOOTEKO2qIgw1hTSV6tTwb12Bkfoz1fUoov2jo:7xosbu+5NfKUoovgo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1348 wrote to memory of 1372	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 1372	1348	rundll32.exe	rundll32.exe
PID 1348 wrote to memory of 1372	1348	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\taobao_qunfa_5.70\commobj.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\taobao_qunfa_5.70\commobj.dll,#1
2⤵
PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...