06a7b74e5179f900d6f300938e288f3660d0f742e762fb781e547f1047a1409d | Triage

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PlaySndSrv.dll
Size

79KB
MD5

8f39fffba71e1d9afeef124a5df2b48e
SHA1

06d22f9db8fd1765b9d8073a823f196802f60972
SHA256

06a7b74e5179f900d6f300938e288f3660d0f742e762fb781e547f1047a1409d
SHA512

b43a459b7201bd9da222f7e3867c11b76ad75bce3e68ddfe6c7ffd20526dbf5347fd67f8c875c386b0bc31dda744ee99f19a51389892cca4a99401c507e37c39
SSDEEP

1536:rojw8yNRpL2LwOPh8iX6/sQZbMkN4Az/wVpTVda6MyTj7HD+4Be5nj7HD+N:r/4jhUZZNVLwzyuT3zAn34

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3252	1364	rundll32.exe	85
PID 1364 wrote to memory of 3252	1364	rundll32.exe	85
PID 1364 wrote to memory of 3252	1364	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PlaySndSrv.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PlaySndSrv.dll,#1
  2⤵
  PID:3252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads