bb59a844d2d2a7c12b807e0c98cd338ace247a1e0df84a446804481f29226865 | Triage

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 11:54

Sharing

Report Analysis Logs

General

Target

ShowPwd.dll
Size

54KB
MD5

b8d3a258ad6955e29698b77732102da4
SHA1

bf12130cbced4f85a36c2acb0c7dbe80a6ad29ba
SHA256

bb59a844d2d2a7c12b807e0c98cd338ace247a1e0df84a446804481f29226865
SHA512

07ddb48812fcd9ad9e9878fe8e1dffc4e8cc8d2dc9a98572579ece3b3e30c1c20c3e38b0a45a0a3c2cf6f9bc4d8f80ab16b1c3d652638aead687ca8e16176a75
SSDEEP

768:xVXqYKk3DTHtNSIwdOD+TlQZ3o5iGplfBG/HHKM3ydlx0+VdKQ7SG1mFbFw5:LXqYKiHtANRHnBEnNy1n/1mFhw5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 3052	4712	rundll32.exe	82
PID 4712 wrote to memory of 3052	4712	rundll32.exe	82
PID 4712 wrote to memory of 3052	4712	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ShowPwd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ShowPwd.dll,#1
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads