Resubmissions

16-06-2024 21:02

240616-zveg6s1hll 9

Analysis

  • max time kernel
    262s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 21:02

General

  • Target

    Poderes mágicos V4/Vape v4/Kangaroo.dll

  • Size

    37KB

  • MD5

    0d20c7671e3ac37e06c45463a662f5ce

  • SHA1

    6340fd8c7e4b8a7d1971cf696729a17f1a55e055

  • SHA256

    c954784ce0758429d67356d5402dea1873e4ca4b02c1bdb549e628eab380b081

  • SHA512

    e3df39848674403809ad17d7e4009090cdf1973db757a3bf2610845c5bef403fdf86b46ba50415bb585f047f497940b3993fb508406c4e9de049a00203b4f3d8

  • SSDEEP

    768:uvIDGix5UKUQ5Pscf6utGsBp3Zua/HOx:uADuKUWsNCBpbu

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Poderes mágicos V4\Vape v4\Kangaroo.dll",#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/672-0-0x000002263B6C0000-0x000002263B72B000-memory.dmp

    Filesize

    428KB