019ea41357a9f279b02ab96fa77048f4e3892503889fd2ebb0bab89dee405d72 | Triage

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 05:34

Sharing

Report Analysis Logs

General

Target

$APPDATA/mIRC/bin/dll/in_mp3.dll
Size

131KB
MD5

1ee1e74a21becd66e4d118ba476a99aa
SHA1

6526fd310031af47b89fc43f2552c0d51ca7d433
SHA256

5abbc7df04b481dbc1c44689ca65295c38ff35d12148dc48ee3faa98ebf1f4b5
SHA512

b8a70dad607f056b9e24abc714b46340013e9911908b51738ff1b2223739a29b16c8c3cf5cdbc5478b9d7daedc27983fb3714683ad302cced0a48096eef08167
SSDEEP

3072:7ftNK0Fvfasa+/RqIajLf7TejX5g3dHdf:7xN5qI0ZF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 4132	1264	rundll32.exe	84
PID 1264 wrote to memory of 4132	1264	rundll32.exe	84
PID 1264 wrote to memory of 4132	1264	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\in_mp3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\mIRC\bin\dll\in_mp3.dll,#1
  2⤵
  PID:4132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads