cf2263c88475276172b20ac306f7f24084d6faca1527891d7544995209701346 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15bc058ab1b87851cb644190d2e3def6.dll
Size

122KB
MD5

15bc058ab1b87851cb644190d2e3def6
SHA1

5ed8b9c2410bf8b4bab3943bfd4b9042c69ae912
SHA256

cf2263c88475276172b20ac306f7f24084d6faca1527891d7544995209701346
SHA512

b166ad26ec18d3695a799ed4e3c1e38c249d1ed3c6ccb5808093517a0b280852377f897003b96fc5163fef545e52cc623b6a60e8c760c1e84b335c7730ba11ba
SSDEEP

3072:Mt246caVOpnV5bnFqAaXPH/QAiObWjpwBLgJu8R:MQ4zM4nfDkkAtWjqObR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28
PID 2932 wrote to memory of 2948	2932	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15bc058ab1b87851cb644190d2e3def6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15bc058ab1b87851cb644190d2e3def6.dll,#1
  2⤵
  PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-0-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/2948-1-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download