64c0c27f7de2059875f1c6b29f7601ae680f6025cb1f2ac97ea3c70284f6a7a4 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 12:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HSWEBIO_COMMON.dll
Size

19KB
MD5

1e6260abad780418caada7233acfaa9f
SHA1

3bee9b51c98446c9979ad15f688412ba272038f0
SHA256

64c0c27f7de2059875f1c6b29f7601ae680f6025cb1f2ac97ea3c70284f6a7a4
SHA512

6692df3ff4d0ca7d82a516c633a27a183e623f048706baa3462a517e6bfce94952b94e513b65e445866e7a4731e1f02fbff12c7ecb8a2e44e9838d0189d68883
SSDEEP

384:BBPxl0xA25NXbdA+u/oR1MajxFfIcmjxm7X3oAtt4:BBj0a2bLnRVM1m7Xf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 436	852	rundll32.exe	83
PID 852 wrote to memory of 436	852	rundll32.exe	83
PID 852 wrote to memory of 436	852	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\HSWEBIO_COMMON.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\HSWEBIO_COMMON.dll,#1
  2⤵
  PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads