4036df60e76f069f27da954142060ae81e98d61691a66e6fef567320a9ef4c03 | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 14:40

Sharing

Report Analysis Logs

General

Target

libisccfg.dll
Size

116KB
MD5

151b320e93880f1e69fba37b00de7593
SHA1

2e69e263ab2b1b26a6b6cc3872cd7347df0c7cb0
SHA256

53bf6346e80ca654d064dd04c196a6a85a2dc58961282a0ab654e23fe7e84447
SHA512

4dcfed46178f355879fe4788edb5d21dc2c7a948f7385af2f2586b079eb6d0009f8bb0c3b13b49bc8c0c61c6bae36c918c3fe109d95e50686e2bcbf541b01fb8
SSDEEP

1536:3h/3rEIpgyqEScFZTWPH5YecbKXsXmU3JUujt+EP11n:3h/3rEIpgyecFS5YecbZmU3JnRNP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28
PID 2352 wrote to memory of 1936	2352	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libisccfg.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libisccfg.dll,#1
  2⤵
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/1936-1-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download