09cf2e656a796893da2ee76c4ceab6b161cf22c13f1db8338122e7fa6b1110ce | Triage

Analysis

max time kernel
134s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:13

Sharing

Report Analysis Logs

General

Target

SensApi.dll
Size

10KB
MD5

3b5f18eb0cd6512bfa9e72487bc091f7
SHA1

8233324d59899261a3b5c96c4b0bb1f2a09baaf6
SHA256

09cf2e656a796893da2ee76c4ceab6b161cf22c13f1db8338122e7fa6b1110ce
SHA512

58f3a715bb227097deb80263ff9672ede4236a8fce7fb3b6172f17223c8ae76fdd1027bbee2d05ee7207f9b1f1061166d20a54212d0123defccd1a3e670f992e
SSDEEP

192:rMTqRLIyTI0BPjWotqQ/cGITJTpqmbJm41tP6Ei+WwKWBH:rM+RsW/BCotqQ/cGITNIm0iP63+WwKW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4212	4808	rundll32.exe	82
PID 4808 wrote to memory of 4212	4808	rundll32.exe	82
PID 4808 wrote to memory of 4212	4808	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SensApi.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SensApi.dll,#1
  2⤵
  PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads