0d63eafe7f4eebd3b782dd262da6fa3e562c420e0ecfff540ee1a9c5a76b0f99 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/BgImage.dll
Size

7KB
MD5

ee255bdf426349e1caa8f1b71de9fd22
SHA1

d589773826620046df1d77dd148f819a88dd35ec
SHA256

a45f294137e2b0f6092eee8fdd2e19334f34ff3640d865a810b70f2104e92c21
SHA512

71eeb41b5816b7d0f9517264aaf026da878561b6a222064c8100e47c383de9ac369800b734468322f3a6fc3eedb1a23d3c5ca6874bd7bf84af08f395248872cc
SSDEEP

96:8ePik1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTc4j7J3kWyy/:tPdTJa2roqJyA2EN8diuTJje

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 4564	1892	rundll32.exe	82
PID 1892 wrote to memory of 4564	1892	rundll32.exe	82
PID 1892 wrote to memory of 4564	1892	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
  2⤵
  PID:4564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads