f982c687ceca030fc9abc7f4f28960e701d5a83b3a539b0633ab1b628ac86d0e | Triage

Analysis

max time kernel
92s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 22:16

Sharing

Report Analysis Logs

General

Target

xinput1_3.dll
Size

79KB
MD5

77f595dee5ffacea72b135b1fce1312e
SHA1

d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256

8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512

a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746
SSDEEP

1536:TVeqvNS6T6jxeEsU6b0xZtDDVb9X8u9JA7zitdrz/R8cy/FaeBD:TVeqvNOeFgxZ9DVVtRBy/EeD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 2664	404	rundll32.exe	82
PID 404 wrote to memory of 2664	404	rundll32.exe	82
PID 404 wrote to memory of 2664	404	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xinput1_3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xinput1_3.dll,#1
  2⤵
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-0-0x0000000000580000-0x0000000000596000-memory.dmp

Filesize
88KB

Download