dbda8cac5738fcb9ee884827e8e15b87f26c3e11f92b3cad798a264f983008fb | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 15:38

Sharing

Report Analysis Logs

General

Target

CsyonMenu.dll
Size

3.2MB
MD5

7a3e0642466319887430fec0994aadf0
SHA1

6c752cf3ea2f2b2b8105552160548e4dbe95aaa3
SHA256

7cf2f16e4d5d2bed5b4d07b6dc2061142e1cf5beb3f481ff6b605f16d1240067
SHA512

bd8a53846bf0454ce8982780b867e126e738237ce79e9485162cd2c945bd41bb6cfcd87ef3c5056f69b1bae9c779782e99771e946fd1dea49059179ef52387e3
SSDEEP

49152:0JIS9wQVMzEyltRc6UQbzCuIJ2KV1qr4HCAmzqaA+r70TMSaRk/:9ckXbu4rqCAm371I

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2972	2932	rundll32.exe	28
PID 2932 wrote to memory of 2972	2932	rundll32.exe	28
PID 2932 wrote to memory of 2972	2932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CsyonMenu.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2932 -s 156
  2⤵
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads