97689e033ebbde9c5fc1fa7af5576758c0f05e48dce6012d5bd5cea7c6b3b5f7 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 12:30

Sharing

Report Analysis Logs

General

Target

YLZICCard.dll
Size

460KB
MD5

066816494f40e3d7611161efbefa9d2c
SHA1

2f3af818e3b460aec84fb82b29182932d5283216
SHA256

97689e033ebbde9c5fc1fa7af5576758c0f05e48dce6012d5bd5cea7c6b3b5f7
SHA512

83dd30b148421a6bf1f26e3c15c079b650e09f637878afab4a3c0dd06f4403816f1372e16488dc46a48a14112bb61c6f2f7399c8d69122959439cf83bca2c25e
SSDEEP

6144:ydWWNmjJx5MYgB2zBJyCKhrKOdu0BuDPV/p92iMmDqM7lJduDHr9:Xpx5MuiCK+PP9S+5Jd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28
PID 1888 wrote to memory of 2156	1888	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\YLZICCard.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\YLZICCard.dll,#1
  2⤵
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads