0ecd2b63679118ee8a0243b597dad91471b581fcca60849e76ec1caee2001e27 | Triage

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 06:02

Sharing

Report Analysis Logs

General

Target

TextInputFramework.dll
Size

495KB
MD5

f8f44816ee205f266f5d8e919f249e3a
SHA1

8cdf8be3ba4c2519350cd8b3a11b452fbd166cb5
SHA256

0ecd2b63679118ee8a0243b597dad91471b581fcca60849e76ec1caee2001e27
SHA512

ca42b8864e14af2ff00c2ed60612410b10d14162bab6ef471df50aa71c22a3dc15edeba2fe40d73bc2662b12e3f34d47312614609c37f169184a30b1eda97fbf
SSDEEP

12288:ukfyJXRJ0vpWDKGTM6uec5IhpQW62nwuJpiHLl:9f+RJ0ouUM0DhpQW62nppiHLl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 5092	4288	rundll32.exe	83
PID 4288 wrote to memory of 5092	4288	rundll32.exe	83
PID 4288 wrote to memory of 5092	4288	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TextInputFramework.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TextInputFramework.dll,#1
  2⤵
  PID:5092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads