438ed742599217238a025a65fb3a85b8935f828f0f5a18a66921c55814722cca | Triage

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pbrtc80.dll
Size

881KB
MD5

59793f82e9e5f2d2412fd38da81cb5da
SHA1

7af820c4eb3c2880e836fe4e11a08bb35ace8cf4
SHA256

438ed742599217238a025a65fb3a85b8935f828f0f5a18a66921c55814722cca
SHA512

73caa8714f136adce4d0d5ccc028d80bc1ad296e90c01b555b3739bf0020e320283c9cb624ea585db764d52f854dcb8aa17322d57fc12acf80ed1877dd3fe6ba
SSDEEP

24576:QtQh43otnrhCTDTG/Cjoh5NG6uur9D5yy/Pt6g9LzELMLTit714Q:0IoohYoCjohGaIyBFQ9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 4792	4080	rundll32.exe	85
PID 4080 wrote to memory of 4792	4080	rundll32.exe	85
PID 4080 wrote to memory of 4792	4080	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pbrtc80.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pbrtc80.dll,#1
  2⤵
  PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads