bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527 | Triage

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 01:43

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/BgImage.dll
Size

7KB
MD5

e9f3051a79f12aed819b91f028a463c1
SHA1

d088868584cdc04d391ec27cd318034a5ce562bc
SHA256

91b8073e8e67945e14fb10963fc9101fae8c298bd4cd7080b4e47b5bdd4af85c
SHA512

eac1fb48403959dc8a5ed20d8ced83c2276c510a781191c9f850bd3a9214c10c8ae0a4d9159dc3bb08f9686bc62f25dd31cccdcc48f568cc8678012333afe894
SSDEEP

96:8eKGk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTo4j7J3kWyy/:tKhTJa2roqJyA2EN8diuTVje

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3176 wrote to memory of 5016	3176	rundll32.exe	rundll32.exe
PID 3176 wrote to memory of 5016	3176	rundll32.exe	rundll32.exe
PID 3176 wrote to memory of 5016	3176	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3176

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...