721ff308a706259c674adbd7c1606f5d5636674dc372ab739f1224e0be06184a | Triage

Analysis

max time kernel
1633s
max time network
1636s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15-02-2023 14:00

Sharing

Report Analysis Logs

General

Target

t/setupres.dll
Size

75KB
MD5

f1f9e9bd62292768f433c4f894eadb58
SHA1

835aac8aa29b747cd90d44b9fef5683bf0f1f6d9
SHA256

7863ad82f7e1c036e48e928433932177a14670033028b42f44dafeacb40a86a9
SHA512

e59b908e54d162abc2aa2d814b71d1ff62a4d2105d2f22df8e8371b760111de30ca6e4f77e14ccbc2ec49eba3ff1013d023edb9f72c89bada17eaf4558ca669c
SSDEEP

1536:71z1GbzJ50O6ZTVATfXqKtyoR5Lc+CQYsWjcdx6my+F:7tUvyAXqSdo6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28
PID 856 wrote to memory of 272	856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\t\setupres.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\t\setupres.dll,#1
  2⤵
  PID:272

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/272-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download