Overview

overview

10

Static

static

3

17112023_2...gy.dll

windows7-x64

1

17112023_2...gy.dll

windows10-2004-x64

1

launcher.bat

windows7-x64

1

launcher.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2023 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17112023_2229_Anesthesiology.dll

  • Size

    1.6MB

  • MD5

    ee8ecace1c6a2a5f112de7261051080a

  • SHA1

    5c11b97e44d7b6684a5b3781aa676019ee436c88

  • SHA256

    e88d394fbf29fec83a119f86f2c338a3c9997872b971294d973c16f65c53f0a6

  • SHA512

    6a76144b7600b184aee25e7b8ea18fd272f28c5651ad61362afde330e3b09991fa365fb0866f27cafe451de04db2067f60024902d77d276054c90f2bd8ab49dc

  • SSDEEP

    24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8B:IvZ9djrT/HLlvIYabSymLyQYGAHgO

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology.dll,#1
      2⤵
        PID:2456

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads