6a46a0ab83ae8650604fe6420131849a3c6f5cba7c7d78cba59e150a5e574d86 | Triage

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 15:50

Sharing

Report Analysis Logs

General

Target

e6ecaefdac0110579c67d6fed6457c51.dll
Size

1.2MB
MD5

e6ecaefdac0110579c67d6fed6457c51
SHA1

026c26e5b5affe35e59a42254da6dd3500a0e809
SHA256

6a46a0ab83ae8650604fe6420131849a3c6f5cba7c7d78cba59e150a5e574d86
SHA512

0d8b5c6f8fe74cd49ac7f1cd1873ecf215d4f6db9dd5d9d19c3f764a03af7527c20b07df6b5fd91a94b3357c160abeeefcb8204ca9de0a71cdcdd824337c2417
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAQ1ftxmbfYQJZKSow:7I99DEWVtQAQZmn0r

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2576	2684	rundll32.exe	28
PID 2684 wrote to memory of 2576	2684	rundll32.exe	28
PID 2684 wrote to memory of 2576	2684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6ecaefdac0110579c67d6fed6457c51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2684 -s 56
  2⤵
  PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads