087a1f3444745efc15eac654cc4fa5759aa25abc0c9d81af0f0e12c8104e0d3e | Triage

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 12:36

Sharing

Report Analysis Logs

General

Target

Lskj.Push.dll
Size

53KB
MD5

6ff688f5ee0c013d104740b95e283af5
SHA1

5749e9fc3abadb3f45032940e4282c48b3835d29
SHA256

087a1f3444745efc15eac654cc4fa5759aa25abc0c9d81af0f0e12c8104e0d3e
SHA512

a98d4ac191997807df8f5c93195e2a500397326cedaf19aa16547a2e1f1442249f3e8a89c09be0a434cb158164f0943430734e9bd59014837f5c2c086344d73e
SSDEEP

1536:F8sneGlscT6GxI26XSoREYrIHdaDzHzO9tWOV:wXS4nI9aXHzacOV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3880	1460	rundll32.exe	82
PID 1460 wrote to memory of 3880	1460	rundll32.exe	82
PID 1460 wrote to memory of 3880	1460	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Push.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Lskj.Push.dll,#1
  2⤵
  PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads