Overview

overview

8

Static

static

3

ec4a958ab7...dd.exe

windows11-21h2-x64

8

rptcache64.dll

windows11-21h2-x64

1

rtfile32.dll

windows11-21h2-x64

1

rtfile64.dll

windows11-21h2-x64

1

rtinfo32.dll

windows11-21h2-x64

4

rtinfo64.dll

windows11-21h2-x64

4

screenhooks32.dll

windows11-21h2-x64

1

scrnrcd32.dll

windows11-21h2-x64

1

scrnrcd64.dll

windows11-21h2-x64

1

sensinfo32.dll

windows11-21h2-x64

1

sensinfo64.dll

windows11-21h2-x64

1

setuphlpr.dll

windows11-21h2-x64

1

shlext32.dll

windows11-21h2-x64

1

shlext64.dll

windows11-21h2-x64

7

siriuv32.dll

windows11-21h2-x64

1

siriuv64.dll

windows11-21h2-x64

1

sqlcipher32.dll

windows11-21h2-x64

3

sqlcipher64.dll

windows11-21h2-x64

1

sscanner32.dll

windows11-21h2-x64

1

sscanner64.dll

windows11-21h2-x64

1

ssleay32.dll

windows11-21h2-x64

1

ssleay64.dll

windows11-21h2-x64

1

swvv32.sys

windows11-21h2-x64

1

swvv64.sys

windows11-21h2-x64

1

swvv64_win7.sys

windows11-21h2-x64

1

unrar32.dll

windows11-21h2-x64

3

unrar64.dll

windows11-21h2-x64

1

usbmgr32.dll

windows11-21h2-x64

1

usbmgr64.dll

windows11-21h2-x64

1

winpcap_inst.exe

windows11-21h2-x64

8

workflow32.dll

windows11-21h2-x64

1

workflow64.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    89s
  • max time network
    99s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28-04-2024 10:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    workflow32.dll

  • Size

    278KB

  • MD5

    2a04eb59490a922e64ccb1329d845d76

  • SHA1

    cadb4dff808defa4032e14bf5aa20626dc62ce34

  • SHA256

    80658acd27f140389d597dec4b83232126b8a87fe59902d04c4708361c2f2d3c

  • SHA512

    503053cae9a93658206d20502dc5ec255839b077bf27c2331bd2d2646c208d7ba83797a11114d69a448bada049618b05151586f7a58f012e4947fd2d505abee2

  • SSDEEP

    6144:Fa8jU7RJqMPYLvv1MVP0L15xEe+2gsfTBRGqG1U:Fa8jU7Xmvv1MVP0rxEeR7F

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\workflow32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\workflow32.dll,#1
      2⤵
        PID:3368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads