f3ee0df460f1897cf08b9eed517ec0c42a4363a1337a290a78ccd47bcc7fb430 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13a1ab62b6c0c163856538d395105fef.dll
Size

216KB
MD5

13a1ab62b6c0c163856538d395105fef
SHA1

189aaccc598356f144e080a49d63c14297be4ae7
SHA256

f3ee0df460f1897cf08b9eed517ec0c42a4363a1337a290a78ccd47bcc7fb430
SHA512

a1b420e799f539f8140bb06053eb0a6571d94fdc8959701c1130915c31c319513d718aae2e8d16db1389fa7441c3673a93c096a321d1e6f5d21ba7e746f8421e
SSDEEP

3072:KbGBGspQvNKRGCFOQ70d/SRY604pM2bi7l+St5RKo:KbCGspQMGCk1dJ+Y7lp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28
PID 2996 wrote to memory of 2680	2996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a1ab62b6c0c163856538d395105fef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13a1ab62b6c0c163856538d395105fef.dll,#1
  2⤵
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads