fd2142e31d8c9f22351b40157b8a45723156f671f9b8fbda9d50cdf1c37401ad | Triage

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 09:39

Sharing

Report Analysis Logs

General

Target

ClHook.dll
Size

268KB
MD5

841dc9d9b780e3a69f04686492dc87d8
SHA1

d0cbfbafbd4d26da7b7f06e17b220e159c19a038
SHA256

0fec425cad53c53c3805fe057d488aecd015a47a91867743141a21766f938b30
SHA512

ebfa3719e0d9fb4ec26d62b600e4fc4c1d05ec06723eddaca01f1cbe7c9591a56e13b0e37863ee1c78b3a3b8b90c9d9d17a83fe60fb4a8200c2984b02261ccf1
SSDEEP

6144:z0a6tl0o75O3OvWMV0c8dm2DAKwtH/1GM7V/hH6du0K:gZp5ai2c842DAKw9YMpcgH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2212 wrote to memory of 2612	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2612	2212	rundll32.exe	rundll32.exe
PID 2212 wrote to memory of 2612	2212	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ClHook.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ClHook.dll,#1
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads