da1fe361b7b1109bf6b3dce206a0a32ae86fe3f4bf332542495d2510f646f848 | Triage

Analysis

max time kernel
138s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:26

Sharing

Report Analysis Logs

General

Target

capauthz.dll
Size

247KB
MD5

12d2745cdcc0f47a47a39abbff08edd8
SHA1

5425f41a957414ebcdfb5f1a3a6db711269d7823
SHA256

da1fe361b7b1109bf6b3dce206a0a32ae86fe3f4bf332542495d2510f646f848
SHA512

9f09e719dd62552deaafc65cd91199b4bb43e2c196635b7c4ece78b0a469b18e1718c278aca7c8d8e4ac149b54ec8d907ba06949f55e2fe53a08400c4c4bd3ee
SSDEEP

6144:C3IMmGoBoinNlWw4w2xWuMSocQpnsMeycF+nkK/B/xEOpcO:C3PoBo8AdWuqsOcF+nkK/DEOpR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 3928	2780	rundll32.exe	83
PID 2780 wrote to memory of 3928	2780	rundll32.exe	83
PID 2780 wrote to memory of 3928	2780	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\capauthz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\capauthz.dll,#1
  2⤵
  PID:3928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads