6c6623787ae81d19e1199da95a9d1980d1fe7ec8a91ee75f219c27262dfcdc42 | Triage

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-04-2023 15:36

Sharing

Report Analysis Logs

General

Target

dtQOiiSe.dll
Size

229KB
MD5

e43f21732e357ac28674842585dad8b2
SHA1

704aa4365c952633d6e8b2f4331a2c3b45fef1ea
SHA256

6c6623787ae81d19e1199da95a9d1980d1fe7ec8a91ee75f219c27262dfcdc42
SHA512

684b5f754cd1d6cfacfb2d9783d9a4210e6a04d29723b26f034c43e90bb6b6c508042cd116bf8b6e8e997739c73cc587c8e25d5937b2d1aa6782e5b7a5d96813
SSDEEP

3072:Z3PpKjAr1AaA+y23h0xFu92Hs8gEHm1XRZqSplVil/A2g5tqgZE+89TBXn:NAAr1AaA+N2xFy2He5tJEhBX

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1904	2024	WerFault.exe	20

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1904	2024	rundll32.exe	27
PID 2024 wrote to memory of 1904	2024	rundll32.exe	27
PID 2024 wrote to memory of 1904	2024	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dtQOiiSe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2024 -s 124
  2⤵
  - Program crash
  PID:1904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads