ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd | Triage

Analysis

max time kernel
88s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 10:49

Sharing

Report Analysis Logs

General

Target

siriuv32.dll
Size

597KB
MD5

b9c844eb7588b02bdc6878d3cb4215bb
SHA1

bb5230d41f6c0ff0dd9aa6dab82b2bd90f89fe39
SHA256

475979b58fa6a18a148ffa978690a464e68950579453531f329d0bb7b9b6c14b
SHA512

4a96603db7f4b85f8906dccd7c4e64588e40ff1a985c157dae0420a8fbcacaba807b12f2f26b191f1edb9cb8c52a5189fbc2d39b87489394c54e8b09cc8b31ab
SSDEEP

12288:AflslllfmKLdl62ogziaItnEbzS52ivCw6Q3XKEddoFA3aznpBk:AuhfLd8XvChkKEddIKazpBk

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2112	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2112	2884	rundll32.exe	80
PID 2884 wrote to memory of 2112	2884	rundll32.exe	80
PID 2884 wrote to memory of 2112	2884	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\siriuv32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\siriuv32.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads