9b6681103545432cd1373492297a6a12528f327d14a7416c2b71cfdcbdafc90b | Triage

Analysis

max time kernel
526s
max time network
528s
platform
windows7_x64
resource
win7-en
submitted
06/09/2021, 17:16

Sharing

Report Analysis Logs

General

Target

Notnice.jpg.dll
Size

258KB
MD5

d4b946b51dc21709f87a1a943ad7cbe3
SHA1

8c2a1c67493eff3990ab30862e094c34e6821eea
SHA256

9b6681103545432cd1373492297a6a12528f327d14a7416c2b71cfdcbdafc90b
SHA512

5416e92ce738dfc12db13cd03ea5c3317c528f947f51bb5a7873e72b4fdcc45109e7cb395aa09621458b93e95ae0436ca2da3076dd44b60207cf8d512336e4f3

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1204	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26
PID 1928 wrote to memory of 1204	1928	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Notnice.jpg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Notnice.jpg.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000076421000-0x0000000076423000-memory.dmp

Filesize
8KB

Download