d24d1726864be6bf4458f9c23ab89c03506bbb7d662cb68c27dff4c97e560e91 | Triage

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:13

Sharing

Report Analysis Logs

General

Target

bin/CWmpPlayer.dll
Size

35KB
MD5

b39b4b792cae177d61235dbc14ab2719
SHA1

9dd1dda0b7e22063eaa860a9d79a0489a5bca647
SHA256

08653575e5c67159bead27b775ff7e7521cdbaad6ba4255d06f4435d33a74df3
SHA512

d6f742a704bf3d731a9f28e8b3e4e501b3941dc29c56dce4ed136da4f971b5a09ae0c2733966b2476cc2e936223926da099504cc16b7040ae65b167242bfd791
SSDEEP

768:IMDbVZDprHj317bVbeoI5ApDzaOymcgwVwLWjbCUS:fDLJ1/VyfezaOymcgwVwafCUS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 1836	4112	rundll32.exe	83
PID 4112 wrote to memory of 1836	4112	rundll32.exe	83
PID 4112 wrote to memory of 1836	4112	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\CWmpPlayer.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\CWmpPlayer.dll,#1
  2⤵
  PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads