Analysis

  • max time kernel
    1563s
  • max time network
    1573s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 01:29

General

  • Target

    System.ComponentModel.EventBasedAsync.dll

  • Size

    46KB

  • MD5

    85d20e23388d25b8955b02fab8d2c1e0

  • SHA1

    7cda8864afa3bd85fe6be57719731ee41989849d

  • SHA256

    98ccfbdc64490d49b5893288e7acad0831eefc015b9743b75aac146e599df9a9

  • SHA512

    21c9a325361ba8c989b61801fb63e7ca1d5a95aaa2bb6c8fd0f3875d9104f79e8fb694b852497b008f4f9ee259468841be7e490e4df34eb816a00b0157f7e795

  • SSDEEP

    384:bWTwWifTTZa1IdWBj/D3fM57bQfL9XkWovbJKfCvDXxO88+aEZ4jIwVQBvyW1QUg:0Dlzfw7EBWd88IVq4F/it9zO/f

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.ComponentModel.EventBasedAsync.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.ComponentModel.EventBasedAsync.dll,#1
      2⤵
        PID:2396

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads