ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 10:49

Sharing

Report Analysis Logs

General

Target

sensinfo32.dll
Size

289KB
MD5

ae211a27e7c82ceb1f8c52dcbc462048
SHA1

7abc4fe7cbf05b926ebfc53a0a18fc3fcfd76fd9
SHA256

913572643f1e0795a8851b03f8e04934f637debb1e42d806b3d720ad53d9313e
SHA512

9383e010923f5edcaf9f46113fd7c956be20707a0eebe2d59dc73f177ce722967fcf1430f40a596594fb157bf3ed0d74ed566208b52a51e94bbc86625651b532
SSDEEP

6144:qIzmwz3AsIo5Eipd8klvE/c5Ljj7ESZ2asZo2hDGhax3xGJGjq:qInztIoypOgcF4SZhsZHFi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3680 wrote to memory of 416	3680	rundll32.exe	rundll32.exe
PID 3680 wrote to memory of 416	3680	rundll32.exe	rundll32.exe
PID 3680 wrote to memory of 416	3680	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sensinfo32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sensinfo32.dll,#1
2⤵
PID:416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads