d21665dfe3585e46c95bfe5ba45495e8ceccce3e2bc92fd993bbfaa011a216a5 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 18:54

Sharing

Report Analysis Logs

General

Target

I386/SYSTEM32/DESKADP.dll
Size

10KB
MD5

97811e96d4012699211886206a3c1e34
SHA1

7ddc88736fe8deed276e4b37cb84ef6946cc0c65
SHA256

5160fb1c7efbe26c64c4c25ad7d66b82f89f38e7196fa020433cc494cef1c59c
SHA512

34c8de8c2bffe84e961152631de1e2bf63208f95a33e3d47fb0c089d34c685930a60fa76566ebb5a99a08e0b5c4eca2fdf1122f2b194d26e67cb69b03a533cbb
SSDEEP

192:Zdqp0ciZ8rjYM5HkMtyHmWE5EP3jMVMgW2am1WbuBF:Zdi05ZHESmWE5GwGgWrm1Wk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral17/memory/4700-0-0x000000006D410000-0x000000006D41A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4700	4804	rundll32.exe	83
PID 4804 wrote to memory of 4700	4804	rundll32.exe	83
PID 4804 wrote to memory of 4700	4804	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DESKADP.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DESKADP.dll,#1
  2⤵
  PID:4700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4700-0-0x000000006D410000-0x000000006D41A000-memory.dmp

Filesize
40KB

Download