c09e8128d00a6c0ca5e5595ba443393362a8b4596ffa5f008229b104532dd9a8 | Triage

Analysis

max time kernel
211s
max time network
269s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
30/05/2024, 10:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SAM.API.dll
Size

29KB
MD5

f91aeae79a56c3a371dae87a11119b12
SHA1

78f7dbfc1cb15ac4b0545bc00e3d4241d905d19f
SHA256

fb7e66061c8699e7dad3a3233cb34e9f70a2bf66b9acfbc9867e2ad616b6bb37
SHA512

d626f3ca6a86b5eb2483cc8399bcef661b77089e2e5666306e64e9d3c31fd8aebfd67eb77bbd343ad483a24e07979ae651fb9a16db3f8c235a59d56a5b094e71
SSDEEP

384:spNWy+ns1plvJndb0xB8DwCVVYfOlolsBIWRh3rk2cdUNbi6mm7E5eADfa:h5ns1pOaVYfOloiR92jI7E5i

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 4688	1460	rundll32.exe	76
PID 1460 wrote to memory of 4688	1460	rundll32.exe	76
PID 1460 wrote to memory of 4688	1460	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SAM.API.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SAM.API.dll,#1
  2⤵
  PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads