faaec99b094508562b983e03b3a3c8a2eb9ef86787ad4ff6ddbcb44ebf045e29 | Triage

Analysis

max time kernel
193s
max time network
196s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16-06-2024 05:58

Sharing

Report Analysis Logs

General

Target

wabimp.dll
Size

42KB
MD5

fd5791592f821f419276dc41041370f5
SHA1

529345646ace85659476f487b6c41eb3254edbb0
SHA256

db6b4ed4561e8730fda614ae1d213d5ba452353ac06f3c4bd1d896ea1668fa93
SHA512

5f92345c676438930b974c6a702e9129f1398477f28c9d320bf94b4626ec564066d32d287f2d28a2b8cdacb5d6d5722910c75b8bf4d59edfc6866242865551c6
SSDEEP

768:fegDSnBBghmExnQKwYh1uCEkbDLkYleUCIOqaKTsKGDcW:GgDSBBg0ExQKfhb3ST5KoKMc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 608 wrote to memory of 4960	608	rundll32.exe	rundll32.exe
PID 608 wrote to memory of 4960	608	rundll32.exe	rundll32.exe
PID 608 wrote to memory of 4960	608	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wabimp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:608

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wabimp.dll,#1
2⤵
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...