9296e55823555b12ac1d5896ddac964741c43577b3fd44955ce5bf1dd5b89500 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 13:17

Sharing

Report Analysis Logs

General

Target

资料/__init__/_asyncio.dll
Size

70KB
MD5

1e91eedfaa8f43e106db442596fe4b6a
SHA1

99cd8cdbbb1a7e86a0eb933119bec952a2ec03f0
SHA256

b27d96cf29c0d38ac26e81462d6ee8df87771fffa2ffacd66583f673ddbce1d2
SHA512

f274268eb8c862fab85f1fd9f2786aa4c027ba06ab5a3de1dd23b96f7fc0b81870d452208fe1c822a17a199318d97ee87d6a58fd826ce3bef703f6caa24dd07e
SSDEEP

1536:EHKwmxMTJP+m6IVySzKK3RRXiVIzsnv7uyv:EHlTl+KV1RRXiVIzsnv7x

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 3052	2632	rundll32.exe	30
PID 2632 wrote to memory of 3052	2632	rundll32.exe	30
PID 2632 wrote to memory of 3052	2632	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\资料\__init__\_asyncio.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2632 -s 96
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads