341f97e83e1ccfe0a11dc3211ae5d1211268ac63c9b6c2c778b3b4ae60864e55 | Triage

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 09:30

Sharing

Report Analysis Logs

General

Target

15 Cable 4.0/Rhmmplay.dll
Size

22KB
MD5

808109f1e94fc280093367e2953e8fc1
SHA1

ad0ae72d1a219ab7688c1fe0579273bbe453df3c
SHA256

1c6a206594a3b16902a333d1933ab419598ed14a38f765a56497e5f6ecfaa355
SHA512

af0212d029d8f94956d5e07cf4aa94c68f30bb24f0fe45bd19f2222e2c31c1ca08f4bc94738c59ea29e702066224ff9034286f84c273bfd31d65a7aaca3a4c58
SSDEEP

384:BR3r4yK3tHjsRUhsPuI6IuBsjVSvLvIDvc3FWJ:BRbtK3tDLhAQoSruc0J

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3960 wrote to memory of 4700	3960	rundll32.exe	rundll32.exe
PID 3960 wrote to memory of 4700	3960	rundll32.exe	rundll32.exe
PID 3960 wrote to memory of 4700	3960	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\15 Cable 4.0\Rhmmplay.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3960

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\15 Cable 4.0\Rhmmplay.dll",#1
2⤵
PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...