a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025 | Triage

Analysis

max time kernel
91s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 06:27

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/HFEOcvgSYMg.dll
Size

1.2MB
MD5

0bf5b0d4c3f8388c62f94a1171297029
SHA1

0339a2ff16e6cfbb2e1d35c5880d938391d8b858
SHA256

8dd6114cc76b0ff44225dfdb1069b43b7a9fcb78564fbec01e8b86761e63bb22
SHA512

bd3fe35c220ad64697b8a141a3b0aefce68c9e1bbebef31e230b339e0ed6ac9f9992b9ad32c1ff10adf56ca9e1c729aafc64a9e477887e9b1116458eec5fd6db
SSDEEP

24576:Sj6W4f3Tqh2PYwElC7WZA/evcZkWsCK8Zq:9W462tEoKievcZfsCVZq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 2400	3620	rundll32.exe	83
PID 3620 wrote to memory of 2400	3620	rundll32.exe	83
PID 3620 wrote to memory of 2400	3620	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\HFEOcvgSYMg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\HFEOcvgSYMg.dll,#1
  2⤵
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads