6acad13221b8e15e7d5bcd3f3705c8da7751550bc6e6bf42fc23d17d0eda1a50 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 22:45

Sharing

Report Analysis Logs

General

Target

yrcvb.dll
Size

11KB
MD5

8d80a618809cc8ce5970b0839f0e2b5a
SHA1

34af09ca5aa646debe4d2bd06fd5b3c3b7a43b09
SHA256

f4163107f632e0b431c38652eb297733f4f01d37576100673a47370da9221159
SHA512

21bfab7002044c7b33d99de355b49357ae5c45c8781ae080a906c091621ab55e39444e3ecfe04345022ab214dd50f38df0387a3386e0442312cc614bc8b397bf
SSDEEP

192:s6/In3h0bUe1nJBmKESoXIIbzuStOiKazVWGUwkcU:s6ax0B1nJBbxojuStORazsV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid	Process
1940	rundll32.exe
1940	rundll32.exe
1940	rundll32.exe
1940	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28
PID 616 wrote to memory of 1940	616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\yrcvb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\yrcvb.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-0-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download