6ec79179c1e61df21e38b754017b672d559f0537ce0a3b64afe7df97025fd01d | Triage

Analysis

max time kernel
1563s
max time network
1576s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 10:38

Sharing

Report Analysis Logs

General

Target

buffer_zlib.dll
Size

117KB
MD5

624975310b6cb5fa9b9e9369790089d9
SHA1

9f6815572564529eff368905892e8413a32d684b
SHA256

99d19ea518396d3abf789f7a1814d69f5dd4ec8100e2e7337258a8fd898f53ea
SHA512

7897f34e6b4bd688cabe87d642ed8b62e72183ebd1dfbc1f5e13f91e5bfc67f06745131573773b8710e8470c40e2a593b7d1376456df34217767bd9fa7f101df
SSDEEP

3072:vqI/2TWPw865RD1x0n2GucmEFLu6Y/5sbhGQY2vWTBfZYtBR2EGI:vqIP6RD1TGJzu6Y/5sbheTBRYt/pGI

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28
PID 1700 wrote to memory of 2676	1700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\buffer_zlib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\buffer_zlib.dll,#1
  2⤵
  PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads