9b36f3a0a9580f3595225957a4d7e4b3dfa3a816228f0c21ec53602c213ec6ac | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 05:37

Sharing

Report Analysis Logs

General

Target

CoreMessaging.dll
Size

615KB
MD5

fca5e859e76af31865dd2ec08fa6dcfb
SHA1

74db17615d7869254aee4a9b8cdb155313632270
SHA256

9b36f3a0a9580f3595225957a4d7e4b3dfa3a816228f0c21ec53602c213ec6ac
SHA512

0c1e94bf4cae70b9379fb92db738a1554373cc4f9d211759005e6003996578516003fe4c31a9d0ebbe0b3044124c0848a7e9af705cd5e3cadec4995d8dc735e5
SSDEEP

12288:FuZgLlYGtX554cZaUZTXZw8164Ci/5PDXsY/cEr9:FcohX554cZ/TXZwarCGrl/tr9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28
PID 1612 wrote to memory of 2032	1612	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CoreMessaging.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CoreMessaging.dll,#1
  2⤵
  PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads