ceb5e9a5ac1786db6fda32f3e9338ed28058207fe4413785f0473756bbc622e6 | Triage

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 11:50

Sharing

Report Analysis Logs

General

Target

SettingSync.dll
Size

433KB
MD5

f42e1958e80fa728d616f1620696bf66
SHA1

c829a1415a0b9e253a5d642e9a3add30d9c791e9
SHA256

ceb5e9a5ac1786db6fda32f3e9338ed28058207fe4413785f0473756bbc622e6
SHA512

d895d5ad4f149e1407bfaf00fb418e3d582b7cbe2cd866dccfa1bacaa5b02581b477d9291d88a138834b3706c9e6dafa6f2e5818edeb64b006faca8ac8cb9ba9
SSDEEP

12288:o1pAr24hfNn8wo4wnnW5Vbr7WNbgV+B+NszpTs:oU1nlo4wnnGPaNbgV9sx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2992	4068	rundll32.exe	82
PID 4068 wrote to memory of 2992	4068	rundll32.exe	82
PID 4068 wrote to memory of 2992	4068	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SettingSync.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SettingSync.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads