06b9e29f1e19e8d4fa375d1480689787d29c9e530090b6863ae0bc05d700199d | Triage

Analysis

max time kernel
72s
max time network
75s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 08:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Licensedlldlldlldlldlldll.dll
Size

133KB
MD5

f16dc6a3d0af1a0da5650126c1cfc93b
SHA1

82e1ef815cc2ca6d67dfb546492d4cec12d9fe6b
SHA256

06b9e29f1e19e8d4fa375d1480689787d29c9e530090b6863ae0bc05d700199d
SHA512

0c7d9952895796e495a2b76216fe6171744b085b0ff09d49edb129dc7bce339200fac03a64d1fec543bbacce5a4cf56e1fc98e074415436069390c71ff880406
SSDEEP

3072:T3wSeEN8bsEe0wwT+KKpiTxW7Cz4PLT85:TAEN8bFwIcIqCzILT8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28
PID 2332 wrote to memory of 2296	2332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Licensedlldlldlldlldlldll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Licensedlldlldlldlldlldll.dll,#1
  2⤵
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads