318440d1fdbe2178d0c00f259b27430b1d6951de2b436157d8ad2139a30f62b4 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-07-2023 15:39

Sharing

Report Analysis Logs

General

Target

awdawcawdawdaw.dll
Size

364KB
MD5

7205f7a87ae43f2a44e957da375ec737
SHA1

c0f05bf3fac27fa03fdc19fae2d4bbd1e9c44132
SHA256

318440d1fdbe2178d0c00f259b27430b1d6951de2b436157d8ad2139a30f62b4
SHA512

be0c6174a8fff24043e7c4c19c37cf71cb751d33476d15e1cf29fa7ce1f6e993f0cae8c5ec02a96f1e75b1f909f9e94a6c4d6267bdb7dec88cadb9bf3ecdc4e2
SSDEEP

6144:xKwmzKKeCO9UAhB++UcyBhc9SsSSWNPXfer7EGjvlBRuncqXxCtHx:xKVwBewwcy7sIXfeEGj0zs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28
PID 2676 wrote to memory of 2800	2676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\awdawcawdawdaw.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\awdawcawdawdaw.dll,#1
  2⤵
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads