Analysis

  • max time kernel
    140s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-06-2024 14:48

General

  • Target

    #!~#0PEn_9797_P@$SW0rd~!^!!$/vcl120.dll

  • Size

    1.9MB

  • MD5

    13a2734bb2249010514386ebc856b8da

  • SHA1

    8f6e3b30f30a5bba9bc6baaf8f440e085a6a568a

  • SHA256

    713c21d009000d504d9bcf3ce95d50e74d3933083783de144db0a16e2425ebcc

  • SHA512

    2f108436fc1a03591802ff6b8c6ac1de1c0388b2a2a6f8839c10b5f0ec06b66775f261da4ace05fa367eb46b5be533949c092e113fe1270adedb9cb8c34ba2dd

  • SSDEEP

    24576:O2gt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RPyS9YEPI5yz6I:ORSf0Ww+NpPSyzYY8c8YEPI4+I

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\#!~#0PEn_9797_P@$SW0rd~!^!!$\vcl120.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\#!~#0PEn_9797_P@$SW0rd~!^!!$\vcl120.dll,#1
      2⤵
        PID:1964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2196

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads