7fa0a5baecaedd874d6eeec3327b745b3408b2b85988bce4151a81d582fd9085 | Triage

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Cortana.Persona.dll
Size

213KB
MD5

afc2f99bfc98f7d714d832ce42dcc2d0
SHA1

0a06f17523dcad92b520ade60747273ee3115345
SHA256

7fa0a5baecaedd874d6eeec3327b745b3408b2b85988bce4151a81d582fd9085
SHA512

4e43cd181ffbeab24cbe6d82786b6c0e9c0b9d8bf5164bc38360c70cec65147bc2e57ad6dd4eebed29b019b21347134fc86e225365b55373db1eefbf66a37d7e
SSDEEP

6144:9DL0Vl1CwLHLgdfqX6fyeo+1NTjDva6v7:9DL0Vl1vASeTjDDD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2968	2260	rundll32.exe	81
PID 2260 wrote to memory of 2968	2260	rundll32.exe	81
PID 2260 wrote to memory of 2968	2260	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Cortana.Persona.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Cortana.Persona.dll,#1
  2⤵
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads