3ad70f502532346cfed2407b5d6e71376eaac84f09b1fa93bd9dbee220b8da39 | Triage

Analysis

max time kernel
149s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 01:58

Sharing

Report Analysis Logs

General

Target

aross.dll
Size

20KB
MD5

69b34eeaa93884d81b1445a272cd27df
SHA1

a10312b366b76d39d45d571ed37e6768ab1429df
SHA256

22f591d6df14cc97acd2922cb4f63479e080a3760e750ee34ffd1890e29745a4
SHA512

20872067ed4617a1b5ccb27202b783df8edbee210cd699efb092003ab24eabe4a4cd81149064ffcc231bb16745908a93721fb299b4dc76643d674681d1348a47
SSDEEP

48:SpWIVblx09ORiHrazTSyVaYncTd8cVjYG4gh/CDtx+r2rOZAe6N7pqRq:2svHrYTfE4cScChxuZ+7z

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 3164	3636	rundll32.exe	80
PID 3636 wrote to memory of 3164	3636	rundll32.exe	80
PID 3636 wrote to memory of 3164	3636	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aross.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aross.dll,#1
  2⤵
  PID:3164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads