5105787d78690ef15723ed3ae5bb83f56d95a9285f7cc0208fd56a23bfa4c05d | Triage

Analysis

max time kernel
137s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 07:10

Sharing

Report Analysis Logs

General

Target

wweb32.dll
Size

109KB
MD5

eb45574c4b0105a1ba833cea12adf539
SHA1

11043ae5dfd1df4c09c5aab2b41955f6ab5bfc6e
SHA256

5105787d78690ef15723ed3ae5bb83f56d95a9285f7cc0208fd56a23bfa4c05d
SHA512

d2b157770bd1c58a0159185e6ea6fcea4395c7dd2eed838a7d0051f55969b6bb42d4ba0bf1b3ba5bbe0560504c82c920d3728dcb7077fafa9c57bc06102f5e1a
SSDEEP

3072:Om8qpg91B395Bm0tAyyB+UrFkpllAOkDHqAaPIU:OrOmTtq0tApcuKLPI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 1956	332	rundll32.exe	92
PID 332 wrote to memory of 1956	332	rundll32.exe	92
PID 332 wrote to memory of 1956	332	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wweb32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wweb32.dll,#1
  2⤵
  PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3844 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads