31b0e73835dd58455bc30063b15f0757f69f1114870a52ee953720bf963c1150 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 08:18

Sharing

Report Analysis Logs

General

Target

Modules/brs.dll
Size

114KB
MD5

e69cb3796f9a8a755aeea5b3ce64f009
SHA1

891d0628ca67d2b71c675ae575cd0ddea1dfb085
SHA256

a9c2057e254136f2c9e53ab8638cfb051b109781ec3ca5c8b9b698449e053d5d
SHA512

1e343fb5ebb0e898daaa07b22b574f0af584f47a7d7bb2d76b8aa84034db865209456aac8dce9e78714a3700b77d6c58143eb6967dfa38ceb1318350fdc4a20d
SSDEEP

3072:YmephjIKFKAJ6ewg9u5fvkBIugPdqWMgd2/IMy9H:qphj7KA1wgkppF1/d2/IVd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28
PID 1764 wrote to memory of 1540	1764	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Modules\brs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Modules\brs.dll,#1
  2⤵
  PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads