950183e402ec7f916f0d3d5df31d932a2feb4b6ee4a69474713f097bd9ac8cda | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09-10-2023 18:24

Sharing

Report Analysis Logs

General

Target

pandora 10.1/pandora.dll
Size

9.0MB
MD5

8d025f922da2398035b08aa8e124e340
SHA1

0cfc7aedd672f1dbeb59f8476dcfa0468c9b58d2
SHA256

e04cc26f71a05330f5ac6d13ababfedf765befbcc984762c9431484c1af52494
SHA512

870229040e202d660e993c6979f65d21f797f80529cd3d6eea5551159eaaf05e63627d390451cd4c65b2cfbbb9889f809778a72a82d133b9c9b7e5e8e0005038
SSDEEP

196608:GYJY073r5daPcxNFk0s/VI/deHvb5iFRJZ:5vZxsddvFiFRJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28
PID 2880 wrote to memory of 2788	2880	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\pandora 10.1\pandora.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\pandora 10.1\pandora.dll",#1
  2⤵
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads