c8023832ef867a07b6d9f4c43f6e1a24c1147cdf52f43f5d2ee1ac530e49f006 | Triage

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:54

Sharing

Report Analysis Logs

General

Target

Lskj.Util.dll
Size

44KB
MD5

a9c29983249726867aa5a9a342e5257e
SHA1

d342195230eba55d097fe621e5d77ce0d73a531e
SHA256

c8023832ef867a07b6d9f4c43f6e1a24c1147cdf52f43f5d2ee1ac530e49f006
SHA512

270b9ed66f9e0219d0ebd25f7a298b059771648ee135024add9268a86f333dd410bbcaa049419aa07364d34e336cdc82cb309e255b4740a64490683151c9e0bb
SSDEEP

768:I4MpWzUrxsg5xxH6m1C/Np1gfQZATKCnZICiyqWiM71oD9:xMpWsNCT1gfQqTKO67yq6+9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2548	3296	rundll32.exe	83
PID 3296 wrote to memory of 2548	3296	rundll32.exe	83
PID 3296 wrote to memory of 2548	3296	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Util.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Util.dll,#1
  2⤵
  PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads