daffaa21f751d95ca7461a21f4b49718a66fd7a2391dd0d96643ace0e9afcb43 | Triage

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dwzhq/zjhs/ExtMenu.dll
Size

172KB
MD5

786f453ec7bc1b0faa9cd067b1445421
SHA1

6e5a085381a11d9de10659fa78d209872d8b7dcd
SHA256

01124785a2655469302f4e1a9aa8c2149f60eefedce1222434b9629932035ed3
SHA512

b4dc10dfa087d3c476a29a3857f80bff81f37f95bbae7d64cce279225fc70dfa1753f976b849a72be5d568d88e7d04521497489d429bd0cdded2cb36a3e92356
SSDEEP

3072:CT0q7BM8GJ8i4CQe0xR59u9BuuoBhSX3N2:C7VMoCgE9BusXd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1776	884	rundll32.exe	82
PID 884 wrote to memory of 1776	884	rundll32.exe	82
PID 884 wrote to memory of 1776	884	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dwzhq\zjhs\ExtMenu.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dwzhq\zjhs\ExtMenu.dll,#1
  2⤵
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads