216fb7546e123b0845890d9dbc5256721c47a06bcfa7710cc05faf35570b0034 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 21:16

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/vioij.dll
Size

125KB
MD5

d881eaa44c1ea41c7c01dc9fece62729
SHA1

a6738529f3a0411aa9632cbfb85f1c00089e962a
SHA256

106db993d66af7aefc0aea59b9023fc10a1305c9bd46ea1bd1b4f6a2c9bf50be
SHA512

e9958493b2452ad63d7374d169f43805cd1d5b2d222c9d719d73d6b21081d42e3103db908e602837fcc2bc3bebecc3106ab3b13df080e1863ba808192695b300
SSDEEP

3072:kclQ3DXue5DAxP0gYi9babpPjBWDJapmE:Z+juea0/iNabxEDJapmE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28
PID 2424 wrote to memory of 1904	2424	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vioij.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vioij.dll,#1
  2⤵
  PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads