4df3ce4a52cb1bb63a2debe44975c8fdfeb463b11da83ff6c0c5b263cf6cf10f | Triage

Analysis

max time kernel
135s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

agora_rtc_sdk.dll
Size

9.6MB
MD5

849e5624f1190ca55ddfe7fd194971fd
SHA1

4380e354477cb6c0776d913d355ae06fe7298611
SHA256

4df3ce4a52cb1bb63a2debe44975c8fdfeb463b11da83ff6c0c5b263cf6cf10f
SHA512

156e96238acee336a598d9ab4638e6e49b0b3eefd3753a2138be40fd984a77ed8e87fded8d3263d8b6ab371257943c6ebbd8d16d1df0d5d68925ae3d2fa63c55
SSDEEP

196608:OUPS87yKK4aabFs+4c6FUxy30IK63vfEnJ:OUPS8EkFs+o6tIK6EJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 4392	3288	rundll32.exe	84
PID 3288 wrote to memory of 4392	3288	rundll32.exe	84
PID 3288 wrote to memory of 4392	3288	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\agora_rtc_sdk.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\agora_rtc_sdk.dll,#1
  2⤵
  PID:4392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads