14d29b30618d6b6c7743b49bc4e7f84ba1b5212d670ec5b7624cbd8606905ee1 | Triage

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:36

Sharing

Report Analysis Logs

General

Target

0c58f10dd9ede34b0a342cc5ee1de964.dll
Size

2.0MB
MD5

0c58f10dd9ede34b0a342cc5ee1de964
SHA1

ea982802aa0e0a32fb572515ab106dfd704099bf
SHA256

14d29b30618d6b6c7743b49bc4e7f84ba1b5212d670ec5b7624cbd8606905ee1
SHA512

abcdaee4cee7d6a019e6c6ef7fcf5bdb68a629948301d40d0758d0fc79b9ff2945c3a43918684915d6940a8c6aa6f20c38baf8a033f7f907dbab743ebb332b5d
SSDEEP

49152:jxaYSeQ5/S98RsXQurP/iHepxvatT/aXQzJZuji:SqiRohP/iH2yt5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28
PID 1140 wrote to memory of 2120	1140	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c58f10dd9ede34b0a342cc5ee1de964.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c58f10dd9ede34b0a342cc5ee1de964.dll,#1
  2⤵
  PID:2120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads