feb77740eb6d9683514987b51d8d4148f3521d2971525aff05516bc181db917f | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 02:53

Sharing

Report Analysis Logs

General

Target

GlkEspaol.dll
Size

94KB
MD5

b3a2743ee067ed8c17aa8c831a350687
SHA1

ff9c5496b51cad90436a13827e1ead6ef228d4be
SHA256

6cd5326a1e022c84c51fe402012e8a8f658e6fefc6cafb9ab4a6ed33dd514597
SHA512

0167e5b67749ad29e76b8b554b01b2376314e6ff9a4056e568f60f145748c77711b0b3255bd23a9dbb6e5235bd2323169d65f1d0c6949849b0374758b21a2ddb
SSDEEP

1536:ubdzuyfeon+xMR8pTy9cIZENsWMcdb8H+gRP+MVjX:ubwAeonDR8pTsutb8H+gpxjX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28
PID 3000 wrote to memory of 2348	3000	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GlkEspaol.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GlkEspaol.dll,#1
  2⤵
  PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads