66745a4257b713585ce8e7b16edd8ae00d247f713ad6ea02dc4c39ef94b8c677 | Triage

Resubmissions

28-05-2024 10:29

240528-mjl2nafe8z 7

Analysis

max time kernel
146s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 10:29

Sharing

Report Analysis Logs

General

Target

libEGL.dll
Size

346KB
MD5

bd69da7f027cce989079107a03dcca2c
SHA1

49ada81426468b3e3607b5d36b7da116fe33fdca
SHA256

f31832152f5903bc2358a5eaadc1daa781169030f17cdb7348f19b4116640cb3
SHA512

30962cd45c58bfb9da1c432d0ec43eeb064a1f8b3381c93337170ec7817bd7f24fc3cdb1a3f88082c063eb49cf61998a92d3574f577516fca2697dd0898da3ab
SSDEEP

6144:WMsJQmSGv9SHEOCK6tNu2JztBwNWqERYRg2Z4uVPZIcwpJAc21DkbbTm:WmERK6tNVwNWqEnFuVPicAwV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 1660	4656	rundll32.exe	84
PID 4656 wrote to memory of 1660	4656	rundll32.exe	84
PID 4656 wrote to memory of 1660	4656	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
  2⤵
  PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads