df7a355ae924d7b6edc8160639cecd5b98fcb00b70915928e12b6985fdecfaa1 | Triage

Analysis

max time kernel
121s
max time network
144s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 12:39

Sharing

Report Analysis Logs

General

Target

2e2db31e346966e60a9aaf95edeeac42.dll
Size

1.2MB
MD5

2e2db31e346966e60a9aaf95edeeac42
SHA1

a768bd0ae809c902f5050b4f9f60cdf9edb856c9
SHA256

df7a355ae924d7b6edc8160639cecd5b98fcb00b70915928e12b6985fdecfaa1
SHA512

76d7dfddc51d83e51203203b5ccc57ad8a2f6eb03f782e256a2f2109d0a39ab080f8454e744f874a7fb8776ba92fa33deab5e1bb4f98bf0297d94ffb71176d89
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA81ftxmbfYQJZKHcU:7I99DEWVtQA8Zmn08

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 340	2564	rundll32.exe	28
PID 2564 wrote to memory of 340	2564	rundll32.exe	28
PID 2564 wrote to memory of 340	2564	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e2db31e346966e60a9aaf95edeeac42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2564 -s 56
  2⤵
  PID:340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads