0f703b86e8b9e8572c16e37dc7d983567e143e45d2aea03112353f29db7ffd4b

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SkinSE.dll
Size

912KB
MD5

535529273df381303b2131d4e849e365
SHA1

1a8697955b1ffb2bcc51ea4d547aa89afb698cf8
SHA256

40f77ef4ae16863ff4e817d8da57e89f4b4eaef6560b10ba31727726c1d5d00d
SHA512

7592f5d99d933e0b0e886dc60db8e536c0290b496df482aa20c1a880673ed32700f3281aa57a7378e8905138fc3c32d5eea301f1ec034e94bba68fd5bebd33fd
SSDEEP

24576:nYvsPHKc+ml7OaPrGNRDox4HH34hsRc78YrESp/r2LnaDZJ3yFxo+SPpFLbKcTfN:96P7FxoRF7T9Yg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4672 wrote to memory of 2176	4672	rundll32.exe	80
PID 4672 wrote to memory of 2176	4672	rundll32.exe	80
PID 4672 wrote to memory of 2176	4672	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkinSE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkinSE.dll,#1
  2⤵
  PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-18-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-17-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-16-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-15-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-14-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-13-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-12-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-11-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-10-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-9-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-8-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-7-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-6-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-5-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-4-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-3-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-2-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-1-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download
memory/2176-0-0x000000001001D000-0x000000001001E000-memory.dmp

Filesize
4KB

Download