1efddf4fd5f371414bf2c9a95b550d1969430818adb34608b34aee0b04592b1c | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 11:58

Sharing

Report Analysis Logs

General

Target

Microsoft.VisualBasic.dll
Size

15KB
MD5

617258f5f8a02598fab71cea5e52029b
SHA1

6194e7db5bb8d91acb4b8e55953c99b00fa2e781
SHA256

1efddf4fd5f371414bf2c9a95b550d1969430818adb34608b34aee0b04592b1c
SHA512

208be43520e3901b0e197d888c6607bd3cd9ae8cf3d37557dfc3adb7a4d84ed5ed9e7ac97bffd54eadf4e6694e594eabfa940ba6b1fcb82fec96196a1e8909b2
SSDEEP

384:DFxWmH6t9QKW9Q3cgg/L6qoycyHRN7WEW4JeRlLpu:aUQMgg/L67Cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 4292	4288	rundll32.exe	83
PID 4288 wrote to memory of 4292	4288	rundll32.exe	83
PID 4288 wrote to memory of 4292	4288	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.VisualBasic.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Microsoft.VisualBasic.dll,#1
  2⤵
  PID:4292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads