72ae0b36152cb45e7ad7ec2d2170898176dabb0d81627562c2496bf8e302ee6c | Triage

Analysis

max time kernel
133s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 05:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hgcpl.dll
Size

569KB
MD5

9d963bb9e6e75f4fb194075414953ef5
SHA1

ed50d041d7531d845421aa2dbc7eeaba599e02cd
SHA256

72ae0b36152cb45e7ad7ec2d2170898176dabb0d81627562c2496bf8e302ee6c
SHA512

bb02f6ef3baf47f710e70b6bdb1f7c02feb447b99cef70af961c7759523d63953381f63ff2eee138671231df6ceaf861570eb12582ffa38bdbb024d6b1f1ec99
SSDEEP

6144:DxDFqCHgrD5M7TRzaMrdIXiw3FABYyIJnGvWqC0TCt+DHxbpbXTwtt+RCVmzSBN:lIQgrZABVvj1CtKzD++RCY6i

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 1932	3164	rundll32.exe	82
PID 3164 wrote to memory of 1932	3164	rundll32.exe	82
PID 3164 wrote to memory of 1932	3164	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\hgcpl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\hgcpl.dll,#1
  2⤵
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads