6eef695d3a88dde1244f1b3f3c4dd9bf896c10430a7099946d1a1b83c2d8e0b2 | Triage

Analysis

max time kernel
132s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:26

Sharing

Report Analysis Logs

General

Target

JpMapControl.dll
Size

562KB
MD5

4cd15f1a9d9b368687b08bae7e2f95ce
SHA1

13a18f2506c5dab7942296f23f34495556373bc3
SHA256

6eef695d3a88dde1244f1b3f3c4dd9bf896c10430a7099946d1a1b83c2d8e0b2
SHA512

4afde5355b431efdb52a568ba187bb01e9f61460bbb20535efc7fae2911371b37124bd3762f2aa956d04bdf95855fc63343e0655a2e535a279d428a31e8d1301
SSDEEP

12288:mOnH8DUXCXL0VWYYiqZHJ7QqZprw6Owhc4u0LDelYh7rZr:dH8DUXU0VWYYis/ww2eeWtr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 1140	3088	rundll32.exe	82
PID 3088 wrote to memory of 1140	3088	rundll32.exe	82
PID 3088 wrote to memory of 1140	3088	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JpMapControl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JpMapControl.dll,#1
  2⤵
  PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads