c4a93d85f3bdd338ab1e531720fdd25295164709a5d907907a0736cce01abe3a | Triage

Analysis

max time kernel
125s
max time network
135s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18-07-2023 11:26

Sharing

Report Analysis Logs

General

Target

Version_Unlimited/bin/cc32100mt.dll
Size

1.1MB
MD5

1ec6fe4798163c9eab3bc7835fbf4f47
SHA1

98a866e8cd1668032709315998db64fae20b6690
SHA256

d221da673572c2d0c8edc23de7dfeea3e6cd6e994427ae48565a16751a3871bc
SHA512

5afa699507a790d757d05b251126d2dbf83db7808242586dbfe5d4dabe4b6506f266622f9c36490dcf29d89d78e0b97c2d4b960017255608a2f86e98759a1a43
SSDEEP

24576:476TpkGU8Y5weSSoaX4ripuXQ9hlbyRTzhRaWnEZN1e6HfSDu/hwY:Eejxn6N1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe
PID 2560 wrote to memory of 1368	2560	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\bin\cc32100mt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Version_Unlimited\bin\cc32100mt.dll,#1
  2⤵
  PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads