80b6a91f55324f5907a9f4305ff46eef36197008fd4dd954ef9388c1d3307ff7 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20-12-2023 00:38

Sharing

Report Analysis Logs

General

Target

minhook.x32.dll
Size

18KB
MD5

71d921951eb008c82cc6b98ce71f2c67
SHA1

91fa98d3496e5474123c94a0980a03c53dc567e8
SHA256

80b6a91f55324f5907a9f4305ff46eef36197008fd4dd954ef9388c1d3307ff7
SHA512

d8e294f90bb7178b69c03cfb817aeb65cec08e7fbfabbe6dd5e739e6fce94add8b37c5d3d98a109b597fc01e917d1e12b1f19df2f19fbd65b63e867be5620843
SSDEEP

384:r8KH3kQ7Ti7RiPvT4Q5XsjhUnOBFKMWYx:YKhf+cPv0O4UnAF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28
PID 1616 wrote to memory of 1516	1616	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\minhook.x32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\minhook.x32.dll,#1
  2⤵
  PID:1516

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2804

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads