7edb6e302c50fd1fe1c32583f9815fc394c30307ea5202247ad9086ae317d14e | Triage

Analysis

max time kernel
13s
max time network
16s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 14:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VR.dll
Size

2.4MB
MD5

a121a5ee0b761fb56716683301888061
SHA1

e5c543ec1fed298ffdb771d72c92bfd2ca8fd226
SHA256

7edb6e302c50fd1fe1c32583f9815fc394c30307ea5202247ad9086ae317d14e
SHA512

364f0b5ec044ef064c34d080c34cf35d285fd724cbf69aa9c02a1cf60cd05a7674571afc5d0dd37e84a9a7a18bf009b7091fb05c592f62b61131a4bf395a8323
SSDEEP

49152:YkHe+BBH9PQajWWaHyN3Ghk2G7rYIo3vG:YkHe+BBH9PQaK7yN3e5G70IkG

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 4460	3328	rundll32.exe	83
PID 3328 wrote to memory of 4460	3328	rundll32.exe	83
PID 3328 wrote to memory of 4460	3328	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VR.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VR.dll,#1
  2⤵
  PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads