bfdad14a0a65572c3b2f255ae5f3b7e3603e85fbfccbb9dd20387abc75bca659 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 12:20

Sharing

Report Analysis Logs

General

Target

AppXDeploymentClient.dll
Size

194KB
MD5

31a648d3b844937209eb116025a22dd6
SHA1

1d4dc36a1e094409e2e856a4726024c9e1657bc4
SHA256

bfdad14a0a65572c3b2f255ae5f3b7e3603e85fbfccbb9dd20387abc75bca659
SHA512

74c84687cb1a0382ff4c71e4920a707bbc6f7f63ec52932d2082f4805c8bb0655503de1df9605ff01ee823f95cc48b6aec77b10c3a1aef04e6c14b94615ff37a
SSDEEP

6144:1ZM/5Q6rPwfIBmXBNB+89xxM9vNux4JoEJNbnz:bM/5Q6rPe97M9wx4JpJN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28
PID 2240 wrote to memory of 2288	2240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppXDeploymentClient.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppXDeploymentClient.dll,#1
  2⤵
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads