e91f1ec6c3b267f81e43f55a0830d6e3a5bbc86c0f4119b2b7c538d0dd3b917e | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:58

Sharing

Report Analysis Logs

General

Target

06f05fb0d8bbdd372fa3ae8822fe61bf.dll
Size

332KB
MD5

06f05fb0d8bbdd372fa3ae8822fe61bf
SHA1

569f4eefe145fb4bdaec3e27383b1d5d60bf887b
SHA256

e91f1ec6c3b267f81e43f55a0830d6e3a5bbc86c0f4119b2b7c538d0dd3b917e
SHA512

46ab387998ca1e12d83616bc7517c41c5d6cec81e88c111e3c4228d315bbcf54d7beb81abd575f4ed38e2e57f5ede5bf1f364aa98ca2a2caf4a5c1ccb5922091
SSDEEP

6144:aF49Y10hLERnLdB4y0402zmsVm+7Mzqu:9NCLkyJ0mAmMz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16
PID 3028 wrote to memory of 2740	3028	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06f05fb0d8bbdd372fa3ae8822fe61bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06f05fb0d8bbdd372fa3ae8822fe61bf.dll,#1
  2⤵
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2740-1-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download
memory/2740-0-0x0000000010000000-0x0000000010062000-memory.dmp

Filesize
392KB

Download