6275d0d29e5069c8d54a38e5def84243defa99c59de9917ad201c83c0d30a74b | Triage

Analysis

max time kernel
30s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 19:56

Sharing

Report Analysis Logs

General

Target

clrjit.dll
Size

1.1MB
MD5

18b23172da47e6cc379e9d6ec1ed54bc
SHA1

11bd02ab80b8d4bb27b2fa72a06dfe66bf873d19
SHA256

6275d0d29e5069c8d54a38e5def84243defa99c59de9917ad201c83c0d30a74b
SHA512

dd36608adc1c10fe2208dee895e310f0db2b29a1a5c402924e9ead392990a0ea530195c04e4724ec5b8a3dcb146686152762545a92fcec0ddd47830a980ccfaa
SSDEEP

24576:DccYcdZgKWXf3e1CvAi2IlmB9ntMBKceJJmh5r2WPwvLeFpXNVw4C:fXdZgHXfTG9tMBleafrFpXbw4C

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 2696	4420	rundll32.exe	82
PID 4420 wrote to memory of 2696	4420	rundll32.exe	82
PID 4420 wrote to memory of 2696	4420	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit.dll,#1
  2⤵
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads