68176f94e39a09b99288c9be9d9b880fd9321df170375f38f13b1ce647e4ea66 | Triage

Analysis

max time kernel
92s
max time network
101s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
19/05/2024, 22:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Luau-Ware V.1.6/setup.dll
Size

634KB
MD5

4d314b5a797e1b1aab65759cab83a833
SHA1

b99a966573040b6f3e7e7d5bcc236b802ab4a3d2
SHA256

173a5f2284f30adcc33f6442e8b96d8af0ac1a57c19427066941857ffaa5024f
SHA512

8b8c8c901c9a554472f5551d91ce80584a1b88b5226ad60a8646771aba6439e77889b43477a917c6cfbb9a649d9857d2ec759dc30e2ebbcd6dfb69f46ee0cf70
SSDEEP

12288:7av4EQc8akBi+Hgl75I7XHgZ6KhJgeaXqXSv:7avkc85Yqgl7GLHgZfJ8qXE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 752	3332	rundll32.exe	79
PID 3332 wrote to memory of 752	3332	rundll32.exe	79
PID 3332 wrote to memory of 752	3332	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Luau-Ware V.1.6\setup.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Luau-Ware V.1.6\setup.dll",#1
  2⤵
  PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads