e7f04e95c867caf928b3beaf2bc55dccd9d90704be6fda4620ab0b18613b00d1 | Triage

Analysis

max time kernel
132s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 12:25

Sharing

Report Analysis Logs

General

Target

J_3Q.dll
Size

348KB
MD5

ba32e0e7d1851f0b9450745036e081c7
SHA1

cddb67e77ab6c900c9c547a66f5998ae839ab75f
SHA256

92538ce0e54b480320d1d5d85a5b464f4c95fddc042e887b293082e3641c9b80
SHA512

6fe2107b8e30bcde8585812ff0445258b939397c20d86e6d6abe06e55cf49c475e1ea995988bd8e1a785506755bfab0aec39c1e00478cd741441c7ffd154fe60
SSDEEP

3072:Sa99Ky1S0SD8MHjO73Ba01/H/7FlwZ2RJJBvX+WUE742Lg:SaGy1nS8MHi7xai73JtkWUEn0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3432 wrote to memory of 2444	3432	rundll32.exe	rundll32.exe
PID 3432 wrote to memory of 2444	3432	rundll32.exe	rundll32.exe
PID 3432 wrote to memory of 2444	3432	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\J_3Q.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3432

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\J_3Q.dll,#1
2⤵
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads