39e1780e7003dfbeb31a0b0c1d1c9c72c7eeaafa30cd1408757b9ceb56916e93 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 15:28

Sharing

Report Analysis Logs

General

Target

TKChatCtrl.dll
Size

104KB
MD5

704307aeddaa9334cbaff5bdf8bb6315
SHA1

ab3d945511a4d54f5a1190eb3b7471ced382ef0d
SHA256

687a5631b565d7807eebc30d06072a4dde0ad486ca25ee2593433b21597f93ee
SHA512

d94d9d39099e943f9662d93a83bdbcee45d72a03e5054b30b369dca3154553be69123d28b8ee54f803f0953af18a6af9e2611f060bd269f5fdd916b7d2db71bb
SSDEEP

1536:bakDKnpqdOEso0g/WyaAmFOvIvvdNNBx54I+FHwUqUoIoUjG84gwVdEFmU1:/DrdOEsbqavFR9NNn5/4YnEF

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1284	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28
PID 2040 wrote to memory of 1284	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TKChatCtrl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TKChatCtrl.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads