6615dda3718170a2c4946ebf0a62ad4f36b707c1d984011f866ff56dd2c3cc24 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/05/2023, 23:57

Sharing

Report Analysis Logs

General

Target

A290.dll
Size

976KB
MD5

061a8b23a85b75400cd719fd173767c3
SHA1

05a7ee8edfb504be3cb6c4e5230fc3994586bf1e
SHA256

6615dda3718170a2c4946ebf0a62ad4f36b707c1d984011f866ff56dd2c3cc24
SHA512

afb49e376023ea801421315277579f7a9745ac3e84a909382d3732a51b6ec3f9e638d31e3a90dde7e91bdc642a583b73e9d0a55b7083245ef5156250fa04cedc
SSDEEP

24576:D7AkdHt+UnNtqbVotX4Dw/9JGCZdBK/+NYouXFPn/yd4p:DZ8RDwlJGoY7Xp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28
PID 856 wrote to memory of 1236	856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\A290.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\A290.dll,#1
  2⤵
  PID:1236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads