f003fc7873b3ebaced1ac2ea207a27ef9a3140f7d74c0305ac9cf8bdb64370bb | Triage

Analysis

max time kernel
131s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 12:18

Sharing

Report Analysis Logs

General

Target

kailleraclient.dll
Size

31KB
MD5

b11b0de608e167ab6c00d01e525eef64
SHA1

f0e3790f0a867f656ee614dc4e4a216515276cba
SHA256

dd6fc064d54e8d2e800b20ec9874dd33d6a2b0a210810936d3567a55c02cc51e
SHA512

0404d5e1f1ce6edd2438e845b02fa1bfba0c80858b7aab60c6ffaebfc2720a9a98b7f50902ee043bb9ce76d2b04a53890a7fe7a398f6cf9095ee54edc29da21b
SSDEEP

768:2MiLLbKGYg0H17PJc/3zJlQpn2YPrAR5tfPf4R67mbcDA1:rKXOP17PerAY+ARD4u61

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1796-0-0x0000000010000000-0x0000000010017000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1796	1352	rundll32.exe	78
PID 1352 wrote to memory of 1796	1352	rundll32.exe	78
PID 1352 wrote to memory of 1796	1352	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\kailleraclient.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\kailleraclient.dll,#1
  2⤵
  PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-0-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download