2c16df586856e0d5ef10f27b6bafdf9c2445aa877d6a139f2eb4cd88a26f4003 | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
01-08-2023 06:06

Sharing

Report Analysis Logs

General

Target

download.dll
Size

1.2MB
MD5

3fd34181978cd402ac4d79febf8cf38a
SHA1

47666948796987008e2ded94baa9185d2e79dc26
SHA256

2c16df586856e0d5ef10f27b6bafdf9c2445aa877d6a139f2eb4cd88a26f4003
SHA512

514ebe7e9e169de0fb95ac6d3ea0e108e46fe6e7e8525ebffd6bf93fd40f2a45856f513b63a7dbeda3d38ed7ad0eb1605b1f98a72ad297b8a74bf2355c22e1c5
SSDEEP

24576:NOsrLYC8sGCbCjNtiVqDli72BnrFM5GrkQPXHMtR1tD1rMtTdevK0iV/jU:ikcaGTdndU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe
PID 2064 wrote to memory of 2056	2064	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\download.dll,#1
  2⤵
  PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads