21f9d308e310126d4b36b809963af06e3ccc30d0f68ae0ad226355557edcecb9 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:14

Sharing

Report Analysis Logs

General

Target

14ef2d9b5c8429171d357fbf2e47ca71.dll
Size

2.0MB
MD5

14ef2d9b5c8429171d357fbf2e47ca71
SHA1

d508cf2c2167965aa5fb4180c63008e4f3901b60
SHA256

21f9d308e310126d4b36b809963af06e3ccc30d0f68ae0ad226355557edcecb9
SHA512

91d5f1a4f840833871776b2f64c466161839404155ecd7eb8920f208d9c8fc45f08a8f1429b1ea14380baa6cfc270b4258b02f043bc98ffe0cc40194a9ba7e4b
SSDEEP

49152:IP3uMN+3FYu7H7/2biJ8AdxF/3i35/QzJ1udz:YNWeu7H76iJ8A/tih

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16
PID 2856 wrote to memory of 2872	2856	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ef2d9b5c8429171d357fbf2e47ca71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14ef2d9b5c8429171d357fbf2e47ca71.dll,#1
  2⤵
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads