b2b926e5bbb50739b815b52f6e3c703f8aa3d1f8d2934f4c1ba6881d15b6a01e | Triage

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 12:09

Sharing

Report Analysis Logs

General

Target

CassiniDev4-lib.dll
Size

128KB
MD5

e43c4fca8b6460bbb7770fd153afff79
SHA1

3f98a1b9e8a7a8de77635e65a9f350231be01e41
SHA256

b2b926e5bbb50739b815b52f6e3c703f8aa3d1f8d2934f4c1ba6881d15b6a01e
SHA512

4a8cf41753f719ad26f61d8c24308990c70d7cf1ece239772b9959e836ac898a28042d87583b15628de0b98dfe5e2adcd0893b2c7c9eb21949beb7e38c986609
SSDEEP

3072:PZJXCxEo1qc5U0GHp1sY5r2UMB10YWY/K9NWhJSUG54s4/YeR54sr/o4+:PIDToj96jY1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4724	2248	rundll32.exe	85
PID 2248 wrote to memory of 4724	2248	rundll32.exe	85
PID 2248 wrote to memory of 4724	2248	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\CassiniDev4-lib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\CassiniDev4-lib.dll,#1
  2⤵
  PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads