d9e7a6c034d6e4abbfa1dcdebab05249cda0b71fd1331e54f0321082382a1690 | Triage

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 11:45

Sharing

Report Analysis Logs

General

Target

D2Sound.dll
Size

96KB
MD5

4af0d6d442ac236a217a6976005251f8
SHA1

b99bdccd839972449b57d3c691c9659132cecc71
SHA256

d9e7a6c034d6e4abbfa1dcdebab05249cda0b71fd1331e54f0321082382a1690
SHA512

72afe32e4f71f2379f7638043fcb50696c18e82224c978c4efa285f1ddf653a847c6da72cb50b6722346575573016692aa2445696461c8e2cf6145423908250c
SSDEEP

1536:Q6RBGMSn098Lm16rR6nyyMai9W62Y2DJRhWFvtmgMbFukgDL3:5dS0KV6nyyMai9GDtW1Ag0FukgDL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4416	4864	rundll32.exe	83
PID 4864 wrote to memory of 4416	4864	rundll32.exe	83
PID 4864 wrote to memory of 4416	4864	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\D2Sound.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\D2Sound.dll,#1
  2⤵
  PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads