f8c193dbb8bfabe66a7d9d2a50e0eaed06c12341a71b78c1bd195846c463af6d | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 16:42

Sharing

Report Analysis Logs

General

Target

传奇辅助工具/plugin/AjBox.dll
Size

9KB
MD5

246977d32e8846b02054cc96f00d1244
SHA1

b89088b96b1f71ce3e2e1bcf7619f36afa972e2a
SHA256

bb8f024743bb5786576ebc2b0010741c1218f385504c296068463bdb04f08286
SHA512

f808aa5b0d422a8f143c1d8f88d3a7e4bce0570ed4d373ccd546ff07e82b08a9b1f7d7dd2d5b69e937a056cca72cf04b57b2cf8234968357dcd0b05b7abd593c
SSDEEP

192:Ruq8omKN7hOOeo+e1ZIdcCAk2e+VtEtBg7RKRv:RL89KN7aHefIdcC0Vut6E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral4/memory/2932-0-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2932	1920	rundll32.exe	82
PID 1920 wrote to memory of 2932	1920	rundll32.exe	82
PID 1920 wrote to memory of 2932	1920	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\传奇辅助工具\plugin\AjBox.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\传奇辅助工具\plugin\AjBox.dll,#1
  2⤵
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download