ee321479d2cb6af6df031ebf8efad9ae912919d736ea7144155ac3200d323722 | Triage

Analysis

max time kernel
439s
max time network
444s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15/07/2024, 08:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

WinSparkle.dll
Size

1.8MB
MD5

1e1f8765992bfc5b7326a03fbe7ee9ad
SHA1

af44a147f18ddf073414d22a550379f5233e414b
SHA256

14d9ada9fd17ad089d7dea3a4b6e7117f132b23cd150323c60df5ffda5c72b6f
SHA512

4ecadc62edc1525b4d3f4183b14b79cc7959e4b6134da8e359686003f963ea1a0b993c24a944f2e703ba1db8e73c366b0351e0f3953b0d82131237953eff7cba
SSDEEP

49152:IYemLtvBeY7YU4zamHqEWgNHHPh8hak9e:IYem5BKU4zamHq0A

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3200	rundll32.exe
3200	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 3200	4596	rundll32.exe	78
PID 4596 wrote to memory of 3200	4596	rundll32.exe	78
PID 4596 wrote to memory of 3200	4596	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinSparkle.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinSparkle.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads