98dae5ff7fccd0ae0a259188264084385cabf3f11a0b90f00f781550e1380674 | Triage

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 13:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

API750.dll
Size

28KB
MD5

f6a79f19308b7c2d20b96480dd23db5e
SHA1

35588270010e1a2326ff0af5c4f3a3c424b63ef9
SHA256

98dae5ff7fccd0ae0a259188264084385cabf3f11a0b90f00f781550e1380674
SHA512

4b8e4907b06c7107a6502f08d0174ca8d69874ee2056abe61d6c450780d6470cf19c063fe20f5ba4b59115d12438e7607fd3b8ad3524d5c5872fa1662f5e23f5
SSDEEP

384:AsD5bQVy9T9AUMgfu+b1mlrA+1y2aloIo90MeFF48:Gy9TyITb+b6aIo90N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 2920	1224	rundll32.exe	83
PID 1224 wrote to memory of 2920	1224	rundll32.exe	83
PID 1224 wrote to memory of 2920	1224	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\API750.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\API750.dll,#1
  2⤵
  PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads