df135707402bd01bc6a3c10d16f876f25bd16b8a85329687833490cebd9b0051 | Triage

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04/03/2023, 16:50

Sharing

Report Analysis Logs

General

Target

Core.dll
Size

415KB
MD5

c84299096ba8c3fede15d47f93bc78b6
SHA1

c8f6b470e58b17b6a7ec86e09612f6907858ef2b
SHA256

705a0023dabb3a9dc515c9bdd0816b51d3799b24cef69ba6bcaa9b4c37f00642
SHA512

213f2a81b6b1ae51e4a9af252947fe6331797649ee1f988e5b3d263141fdebd2cd305dc2f728a0e264c6111773ff880000bf9424653de263f8a0458870853c32
SSDEEP

12288:hbAli60dXoQJ3a5l4L/eh7mbnTtQYCblf2:QiRwyW7yTtglf2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27
PID 1108 wrote to memory of 1172	1108	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Core.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Core.dll,#1
  2⤵
  PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads