73c6b13b3b97510d89aaeaf588a04e557bc5a63c4e27a9c6ed293d6454eb83ab | Triage

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 04:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

avcodec-54.dll
Size

14.4MB
MD5

663e1d81d1bf4c4157082fde69006d66
SHA1

7378f6881b2e934da9a4d01c82d98ae41587b1d7
SHA256

73c6b13b3b97510d89aaeaf588a04e557bc5a63c4e27a9c6ed293d6454eb83ab
SHA512

d4995913676747471fee10a8d304f3f14db1d8778af74385acb8ffb31a3a0c273ee2bfe4df0e9801fe9617561fb1300b802f4596c6ed58378719307347470a1f
SSDEEP

196608:01dVgNFV95JZRY9a1AHVJCw9gUzAWCrIU+bZ+h3g0KWjvAoIQNmqEqkB2005t3lY:CS+4hVBkIxXkpf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3656	2800	rundll32.exe	80
PID 2800 wrote to memory of 3656	2800	rundll32.exe	80
PID 2800 wrote to memory of 3656	2800	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\avcodec-54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\avcodec-54.dll,#1
  2⤵
  PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads