117677a8a1de4b7c71440aaf5886eea526e2f2bff232898159c2b340d366c896 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 17:04

Sharing

Report Analysis Logs

General

Target

0745410913e19f673f49672a6f53a1f9.dll
Size

840KB
MD5

0745410913e19f673f49672a6f53a1f9
SHA1

57695d3a5f44c8855fa6a7ca6674e6d457f6d149
SHA256

117677a8a1de4b7c71440aaf5886eea526e2f2bff232898159c2b340d366c896
SHA512

8f5af23ce13e740f875c86b45a2263cca3b04b99117aa79960485c439cfecfd1141083fc37aed7307d782376293cec20a8416bd5f17174841451d598aa3e6e45
SSDEEP

24576:V1SywKTSLIlzu27KyPbInVwbx4FK0tdeu:3Sx3LIBdP5bqFK0Ku

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28
PID 2096 wrote to memory of 2508	2096	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0745410913e19f673f49672a6f53a1f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0745410913e19f673f49672a6f53a1f9.dll,#1
  2⤵
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads