5c7db71b743c7676c4ffa4d8b3f51702505fe718955c328e3fcd606961825fdd | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:33

Sharing

Report Analysis Logs

General

Target

19e1fcb378835bb46816eb775645975e.dll
Size

6KB
MD5

19e1fcb378835bb46816eb775645975e
SHA1

850b9edb62ccf384eb3e3206de641d096d9d391e
SHA256

5c7db71b743c7676c4ffa4d8b3f51702505fe718955c328e3fcd606961825fdd
SHA512

b0882c6378169e24d77bc7c2f5dfa168eb00595f3c2f30c60cd2f96984e3ffb2c30bcaee9ff84b651566fcc3a682e2e3096fec3e5652abfe23297302cbd503af
SSDEEP

48:6sAQt5YVOSVVEPy+wn1j0vxm0hB+BDq9J5Scv3/c:fSVVEPo1MpB+FqX5SEk

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18
PID 1232 wrote to memory of 2172	1232	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19e1fcb378835bb46816eb775645975e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19e1fcb378835bb46816eb775645975e.dll,#1
  2⤵
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads