d21665dfe3585e46c95bfe5ba45495e8ceccce3e2bc92fd993bbfaa011a216a5 | Triage

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 18:54

Sharing

Report Analysis Logs

General

Target

I386/SYSTEM32/DRIVERS/KSECDD.dll
Size

89KB
MD5

eb7ffe87fd367ea8fca0506f74a87fbb
SHA1

f15c171c0d200d4e0093c2cdb26ac176a390e63a
SHA256

5d318cd7db88473a6ffb74939ff62eb8dd0e6c79847844212d7168095f635531
SHA512

e87fb24f6d1cf588a693e72a855da7e3f1a538211da95c57ae0e61e7acafe64b1cba639fb00d386e51bba570fc77306a36ec3c0fad35417e924dc321f7ed9707
SSDEEP

1536:qm+3bJmWWsYKmxgN2W7fa2UQ1f1T6EHhtIZT:qBbJmgjmqNzy2368tIZT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1472	5056	rundll32.exe	83
PID 5056 wrote to memory of 1472	5056	rundll32.exe	83
PID 5056 wrote to memory of 1472	5056	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DRIVERS\KSECDD.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DRIVERS\KSECDD.dll,#1
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-0-0x0000000000010000-0x0000000000027000-memory.dmp

Filesize
92KB

Download