4036df60e76f069f27da954142060ae81e98d61691a66e6fef567320a9ef4c03 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 14:40

Sharing

Report Analysis Logs

General

Target

liblwres.dll
Size

124KB
MD5

24668b5d1ed5a161dd0fa8165e901d2a
SHA1

be07795a4aa399ffdfeae99ad5e0bab0ab55c497
SHA256

54a2ef7507fc1ce9a5bb95d4a091b7c31caf982a4ca1566bf115a6fb2ccdd767
SHA512

5c6e0d2bd6a0fa5a00d587a47dc7665e546598ce586c00e71302122221bff1b7cd6a2499b449b514b776c9817d4bee75f1f78fa9c99041efe8614707ee2aeb34
SSDEEP

3072:nQqp4vYx+/B+Y7QE6TIo7bhb912kk87DCXiArGQ9qJfGUBqwN:nQ2KYx+/B+0QJHVN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27
PID 2848 wrote to memory of 2176	2848	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\liblwres.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\liblwres.dll,#1
  2⤵
  PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/2176-1-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download