de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26 | Triage

Analysis

max time kernel
130s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:02

Sharing

Report Analysis Logs

General

Target

coreshell.dll
Size

396KB
MD5

b3cf56d0b20c4fde35309665796f805c
SHA1

bdefef3e32fb01eeaa12e15e53ae498318a61947
SHA256

de400840b917c33a82ba316ae244d8691ec0f5a1fd81d7d24763c0513985fe26
SHA512

0960a1b95e5924b2800987653521a8d3a304f9a4e730a0d3c95ee88d75101acbce493cfe6beb572075638249ea00ffc87c1477fbd0442bb36338b62dcb261810
SSDEEP

1536:LCwKRsJ5ucqow+cdl4ScsWjcdIjVuyjCgAV:LCwKRkvGl1IjVuyOgAV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1292 rundll32.exe
1292 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3052 wrote to memory of 1292	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 1292	3052	rundll32.exe	rundll32.exe
PID 3052 wrote to memory of 1292	3052	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\coreshell.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\coreshell.dll,#1
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads