3e9583971a0de9f2f9951ed755f4a8856b939fa8516d41ff84b83ef47c9dc33f | Triage

Analysis

max time kernel
6s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27/06/2024, 16:47

Sharing

Report Analysis Logs

General

Target

SickoMenu.dll
Size

2.4MB
MD5

0d991165986ba5e008ca5561ca22a815
SHA1

cf03dd1cbf711f91bf554b0168b7f9514f207ecb
SHA256

8c8b4db4a4e591b74db518905f3186f87646f5be785ae0f58ddd9b3ca30f2825
SHA512

ee0fb79ee30caf20ab4c6912c93b36d450d9952b404100ba022e6344726583979d801399f9fc616528e909e2b8e7f3cf53d6f9b9d235aeb6061cbd148d3ac838
SSDEEP

49152:gZfF8grFodt7ek2uw/KhJsBI3SZ/bLG5O13Glw83JO3pOPlOMHoszjTDzjYyo:gZGwodO//G5Of30P

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\sicko-prev-log.txt	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\sicko-log.txt	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 5116	2260	rundll32.exe	78
PID 2260 wrote to memory of 5116	2260	rundll32.exe	78
PID 2260 wrote to memory of 5116	2260	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SickoMenu.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SickoMenu.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:5116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads