c275fa76cd231b14bc455b8bca71054349e900cdd4708bd5aa5f5d83880f27e1 | Triage

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 07:13

Sharing

Report Analysis Logs

General

Target

yccV3.dll
Size

231KB
MD5

101d63244d7ee78e902e1bebfafa5acb
SHA1

0d501d964237e3bb4c29ed893da8bc084d8b5cd0
SHA256

b644b78f3c0c949e454f13685790b9f91fea87715258adbc81c175c2794a09fb
SHA512

17969217a6045f401152c73c2edab2fc4017a721894759f6d8de5cf42c9c32f3a86ef3f62423d76351595896a367212e7a683b3c704879d379443c359a89ad69
SSDEEP

3072:TYhDJzq4xanmtqJqZRpXoKnH3nMwmFh9hAktZsuKuxNuDvP2m3Ofbj9E8DWuZHPM:QldXWthAktLHYafNLnZHZ5DM

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

rundll32.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\gdrv3.sys rundll32.exe
File created C:\Windows\System32\drivers\gdrv3.sys rundll32.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1600 wrote to memory of 908	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 908	1600	rundll32.exe	rundll32.exe
PID 1600 wrote to memory of 908	1600	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\yccV3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\yccV3.dll,#1
2⤵
- Drops file in Drivers directory
PID:908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...