25512356b45d1f25c9f5e1ebfd53005773f95a6354c12aa9e8801f764daf215f | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 16:10

Sharing

Report Analysis Logs

General

Target

SmartClient/IOTCAPIs.dll
Size

156KB
MD5

21d5169dc45b5ec2b9a479493ddb55c7
SHA1

77f8a3f74f210a23c0e3bed7c891956359a74aad
SHA256

038bc381c5f1d5d0e00074e56a7645a3b75337dfb530dba2ad6c59588fb089f7
SHA512

f5d5849f97d491a5a1495ae9bbc4dcd9c56c9958551c53716493655a8bb9cd8c129f4a42e14b7711e71b1c1fd8a3e8293348231cd558ad64586faa9e3ac8a182
SSDEEP

3072:cDBeXL0eMeKdzyTuY7WQDB2ZZcegpTptNtL:NXwv97Y7Begp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2388 wrote to memory of 4492	2388	rundll32.exe	rundll32.exe
PID 2388 wrote to memory of 4492	2388	rundll32.exe	rundll32.exe
PID 2388 wrote to memory of 4492	2388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SmartClient\IOTCAPIs.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SmartClient\IOTCAPIs.dll,#1
2⤵
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads