947028d5cad78cfcbbbc48e62a5b5937cda7a3fefbf4beec9dd4f4b277122b00 | Triage

Resubmissions

10-06-2024 12:51

240610-p3xcvawbpc 3

10-06-2024 12:45

240610-py5teswenl 8

10-06-2024 12:41

240610-pwrh1svgrh 8

10-06-2024 12:23

240610-pklhmavcje 8

Analysis

max time kernel
1799s
max time network
1802s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
10-06-2024 12:51

Sharing

Report Analysis Logs

General

Target

JHvy.dll
Size

4.8MB
MD5

c54c58484c9dfd9867ab157b8e3131d9
SHA1

4d0b51e58686b273e7f186ce5814abf28c9029df
SHA256

05ab428fc0b171957e9144351a7480cfea2f617f20dd23c145736bd0a22eb041
SHA512

6538253e19255ed4ade77f99df16f5b0ab73d07b85fc4ab8662b3cf752fb8a3530032e6d180f02fef9aa448b9ccb4147db8243bab83248f269c21780dec99995
SSDEEP

98304:7JdnPPSZxVhU2ygPHHQ74ciwRmAd8+/4QOHF:7zPd21RciIlx/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2504	4836	rundll32.exe	77
PID 4836 wrote to memory of 2504	4836	rundll32.exe	77
PID 4836 wrote to memory of 2504	4836	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JHvy.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\JHvy.dll,#1
  2⤵
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads