5561fca69d71fb3fa4ee5840b7afa291f1d71786e4f58c62c3e5df3df3c57c88 | Triage

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:54

Sharing

Report Analysis Logs

General

Target

ReInfo.dll
Size

161KB
MD5

6091512c653b1d7f07df9854a44b7b27
SHA1

122b11da56902be6e7bc50a932fb65177a297a70
SHA256

5561fca69d71fb3fa4ee5840b7afa291f1d71786e4f58c62c3e5df3df3c57c88
SHA512

e42411c5cad2917ccb24991e518305628ce4bf03606564c98c425148914c8fb9509e6174c2b2ac103d7b4f5eb5e3ed398ffa9abc7cec25e9007cd86664182f19
SSDEEP

3072:0HMU0VAum4JKWf6YA5+72bNCNNCM17PXIhflt7qx/3lUAGWHyGb70j47:0HMU3tmi5+72bYh17P7Cmxb70j4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 4940	1796	rundll32.exe	82
PID 1796 wrote to memory of 4940	1796	rundll32.exe	82
PID 1796 wrote to memory of 4940	1796	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ReInfo.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ReInfo.dll,#1
  2⤵
  PID:4940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads