66bb992b3293955652b91e7518423b6afffba718be5680713ca39e472f099605 | Triage

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 11:45

Sharing

Report Analysis Logs

General

Target

PackageStateRoaming.dll
Size

173KB
MD5

5779182d856e7ea64c6f45666095b8fd
SHA1

3a6c34b29bd0a49c45ce78265d3e40427dbf5207
SHA256

66bb992b3293955652b91e7518423b6afffba718be5680713ca39e472f099605
SHA512

c69354774418195a8190865bff0cdc6239a2f0df7c00399ec6bfa58c425e9699b2a376e9986a941adaa6ed91f3af50be07c83ed8362954b6f06fe553378bbf78
SSDEEP

3072:H9d/2iLZsJaGhF577BpPfaz9up8FBk1L2x7SmRIqlEz:2iLZ4awF5DaZIWBk1L2x2mRTE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3764	2968	rundll32.exe	82
PID 2968 wrote to memory of 3764	2968	rundll32.exe	82
PID 2968 wrote to memory of 3764	2968	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PackageStateRoaming.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PackageStateRoaming.dll,#1
  2⤵
  PID:3764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads