8d0685eb6af60f910fd2ba0610ce27a43e543137446e85a720af842971e2985c | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

trqlzjmogj/war3.dll
Size

28KB
MD5

db53062a16cf568e55424f13a5254839
SHA1

14db340f897e63bc2670e9980e6c89ccf4bde372
SHA256

f660d709c652a83ef2d98a8966ef007164c0f9b589ed6468232172eefa6fce97
SHA512

7642db28c7d29a3793bde328576623b596f6dea47f8b0e577d3b7712fc1c1673578b2df0c8e3d7ce4e5f21c6eda55ae571b63cd79f1863507c49f86b9567b8c0
SSDEEP

384:IytKhT5Hr6cL+H3k+pmlHmycHsYovIo90+:0hThn+Xk+zirIo9z

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3544	3036	rundll32.exe	84
PID 3036 wrote to memory of 3544	3036	rundll32.exe	84
PID 3036 wrote to memory of 3544	3036	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\trqlzjmogj\war3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\trqlzjmogj\war3.dll,#1
  2⤵
  PID:3544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads