acf5f287aafdba84320a72f3f138d40848c353e9732f0e832871cbea50359097 | Triage

Analysis

max time kernel
123s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 10:09

Sharing

Report Analysis Logs

General

Target

Dork Search V3/x86/SQLite.Interop.dll
Size

1.1MB
MD5

544ef841728185f7a4766e5f12b290f2
SHA1

744c3032c5d6b2bce2883a9f937ac1f4d941da00
SHA256

2fe073d8b5b42f18b4009340538148b12aed7e4903c6a62822f7cedfb558fa8b
SHA512

65201c85e7fb7adefcd57692fd68dd5625c88a58d59c8344c29d8f28255d173bfe8846e794bb9a30c8f9e0599f38dbf482fe5235431e1c4e86b86a78bc1203fc
SSDEEP

24576:7VvYDXUSpZtNn0kzPp/nAsHi7fjkBl5u:7IXUkW6o

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 324 wrote to memory of 2936	324	rundll32.exe	89
PID 324 wrote to memory of 2936	324	rundll32.exe	89
PID 324 wrote to memory of 2936	324	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dork Search V3\x86\SQLite.Interop.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dork Search V3\x86\SQLite.Interop.dll",#1
  2⤵
  PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4320,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8
1⤵
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads