b474b15d0895ef9f6bd317c0aa884878360701f96e98ed5006529e2c53acb8cd | Triage

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 02:29

Sharing

Report Analysis Logs

General

Target

tv_w32.dll
Size

66KB
MD5

55b4875e6dd84b1a547a91a789515dfb
SHA1

ad598670ced636134f85c744f6283a16e3766d1f
SHA256

a0791b2f732fdd0c26483d9ef2d77e720d9ba267f887eccadff227bcf247a0a9
SHA512

d9dc737c25a56503bba8f3a2fa030c3dc1fe62f4313cb307203cdcac164fd6bb2fa2ab87be6806d4cf3d1ed1ec880a1c7f3d866e61c3a6005ca400ff9f99459a
SSDEEP

768:jSiTqh7w4Hj/jf/NJ5IGuQiK8BQAHPcDutF91+B/amykhJT/WyOOYP4Xd5:jTTqlzbNJEnB0Du/WB/rbWlPq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 232	5000	rundll32.exe	81
PID 5000 wrote to memory of 232	5000	rundll32.exe	81
PID 5000 wrote to memory of 232	5000	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tv_w32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\tv_w32.dll,#1
  2⤵
  PID:232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads