7882e839fc528d5a8d81f85c12abde672e99e8fcb2fb3a1c9d5956a605aebdb7 | Triage

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 01:39

Sharing

Report Analysis Logs

General

Target

AVUninst.dll
Size

181KB
MD5

d1988cb16b3012c0dde5443a5c1355a9
SHA1

2177c7553c7084a687a502bf1df7df8ebc0f52e5
SHA256

0423258920061d51082dec837d46e3d0ee965a4c7de59e6ad8754caf38702f0a
SHA512

239d55dc7d5490242693faa1808dd5c8267715590af6d68565de946818d9cbc655952435bb9e9d6bcc2bf23ad687476a753dc4218a819e0895f97a562e472cd7
SSDEEP

3072:yY3m13ZYHDwc0GnveCBWtnxhMMm6gO4cQavHkZ5k23:ygmZtGveCBKzMMvWcQ4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28
PID 1856 wrote to memory of 1672	1856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AVUninst.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AVUninst.dll,#1
  2⤵
  PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads