775261ac4274392de5fef0b2054dc6656c7d4a392167cd18a9f6125d05c676ab | Triage

Analysis

max time kernel
142s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 01:52

Sharing

Report Analysis Logs

General

Target

Lua Injector Universe/NeutrinoAgent.dll
Size

39KB
MD5

bc57e228e8b94d24d48f5e81a3dbf491
SHA1

99a708592e7e5cbf9572e8d581e1b25365a75702
SHA256

62a0f8dc21c73a3068220caed39b1c2c5bd176c4ea98856ecf34dc944b649e41
SHA512

a58c9f10c0fb16a0eff1dfa86b1fcd45501afefa3b22fb08f6953dba19880cc2d61ab9f607ce86bfb7cb7077f9dfc1e9e46a46b39202da97ecfc24e940336404
SSDEEP

768:BvUJ7iuhlDFRaucM1k3+BnvXmBHpmwyvarP7rE:BcJpTFYPOBeBHpC27

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

5032 rundll32.exe
5032 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3768 wrote to memory of 5032	3768	rundll32.exe	rundll32.exe
PID 3768 wrote to memory of 5032	3768	rundll32.exe	rundll32.exe
PID 3768 wrote to memory of 5032	3768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3768

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...