9f732f21cd6bea13a4dbabbf90aa687cafd5b4b530ec27066152479e37f4cec8 | Triage

Analysis

max time kernel
17s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 06:33

Sharing

Report Analysis Logs

General

Target

overhauled/honorary.dll
Size

1.1MB
MD5

27eeb5dcd9a3a0595abfb91e9bb3b5ba
SHA1

7d83ca3c84666f6cdfd80e2c381f2705d23f0092
SHA256

35112867ca795712c7a894f142356e6719a31109a5cb8d62100923abfdd7e2ee
SHA512

7050510510a2c1fc3c8644e8ee10ea5000e66a9497d4a075504bdce147d6d021dde49c8d7649485357143914644053e39eb48554430480ad69e8d3b607d979d4
SSDEEP

24576:g8Z3shoA9qB8DvUAZkl9iIDIQIFaOGYnknF6:g8vmqB8DUAZklKxnknF6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe
PID 536 wrote to memory of 1064	536	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\overhauled\honorary.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\overhauled\honorary.dll,#1
2⤵
PID:1064

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-54-0x0000000000000000-mapping.dmp

Download
memory/1064-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download