33af558afbb7fe3d12f3b0e0fc0c7338ffd747e67e3a6048e7d6b6b33b21d549 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 05:16

Sharing

Report Analysis Logs

General

Target

vorbishooked.dll
Size

64KB
MD5

2b7b803311d2b228f065c45d13e1aeb2
SHA1

905d33aa70ad00d513c701cce22ad6fdb9d7d463
SHA256

a08923479000cec366967fb8259e0920b7aa18859722c7dda1415726bed4774f
SHA512

7468757cca02c948b1d1d838b3f9f64fc8b52b6f6b5c1458dc1c915f9194403af8cb3ab94f3d5089bafaae77bdd0be3dba86e07894a832b25bf0247ccd412a9f
SSDEEP

768:RG9mqQnM6D5cmIc33qTRP8XV/+EVFnnU/iB9Zfe4MtoZAo4CsRTJ0v:Rum/Xd7qTRkX0E7J1CtoK

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28
PID 1044 wrote to memory of 2384	1044	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vorbishooked.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\vorbishooked.dll,#1
  2⤵
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads