60d30a20c039c6a27046a2e47fde076895bd48ea4a019fb40f6cf9d75f403592 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 21:29

Sharing

Report Analysis Logs

General

Target

PaiPai/Uninstall.dll
Size

20KB
MD5

f25f1605df8048c56127cf4e9d116aef
SHA1

f84b0cf1dc77e0a5ca461b24a3666cb7d14764f1
SHA256

7e11a9031d32b9e13da6b292338710b25dbc14a58e996f5e4f7ee6dbdba7e223
SHA512

fb6ad18cd3c3c0269434e355053384bc97ce7502e96a0154fad8ebbd094b67d0201de6ac1b2a600d6677563a20198896b12646986fd0e514b60de90357d4d3ce
SSDEEP

96:EZaGJ6FIzAPRa0tIcw++XT8aWuM6qhotA:7yNAZa0t6+y2WyD

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
4	2992	rundll32.exe
8	2992	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28
PID 2976 wrote to memory of 2992	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PaiPai\Uninstall.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PaiPai\Uninstall.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads