797166d6347bd658b73a665c704c12c6ab40285e84bc8e3096fe6158c521d26e | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 18:37

Sharing

Report Analysis Logs

General

Target

aaee60364a55f9711e1ec5ab3bfd29f0.dll
Size

4KB
MD5

aaee60364a55f9711e1ec5ab3bfd29f0
SHA1

b897f86537f3770f9ec1395ede36511fde7dcc0a
SHA256

797166d6347bd658b73a665c704c12c6ab40285e84bc8e3096fe6158c521d26e
SHA512

77f368ffcd26dcf00c238de13baefdfffa3f4a605ed6c7f99282236db110c106e588845b17f7b3dc71564fdd65dcfee486ee0d92262c3a92778f784558b40c96

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28
PID 3068 wrote to memory of 2168	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaee60364a55f9711e1ec5ab3bfd29f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaee60364a55f9711e1ec5ab3bfd29f0.dll,#1
  2⤵
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads