c8023832ef867a07b6d9f4c43f6e1a24c1147cdf52f43f5d2ee1ac530e49f006 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 12:54

Sharing

Report Analysis Logs

General

Target

Lskj.Util.dll
Size

44KB
MD5

a9c29983249726867aa5a9a342e5257e
SHA1

d342195230eba55d097fe621e5d77ce0d73a531e
SHA256

c8023832ef867a07b6d9f4c43f6e1a24c1147cdf52f43f5d2ee1ac530e49f006
SHA512

270b9ed66f9e0219d0ebd25f7a298b059771648ee135024add9268a86f333dd410bbcaa049419aa07364d34e336cdc82cb309e255b4740a64490683151c9e0bb
SSDEEP

768:I4MpWzUrxsg5xxH6m1C/Np1gfQZATKCnZICiyqWiM71oD9:xMpWsNCT1gfQqTKO67yq6+9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28
PID 2084 wrote to memory of 1632	2084	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Util.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Util.dll,#1
  2⤵
  PID:1632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads