21a258ff20c53cbd9b41893190d0d2e1f833f69bdd1b7ab365a1585eb8aee0ad | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d49fd05d32b4c7477d5abcb0ca99169.dll
Size

3KB
MD5

0d49fd05d32b4c7477d5abcb0ca99169
SHA1

a9782b24ede35a58fa34d3f4b632099ea76eb5ec
SHA256

21a258ff20c53cbd9b41893190d0d2e1f833f69bdd1b7ab365a1585eb8aee0ad
SHA512

42b1ae65408a29beb33e8f04e879dbc8a01cae4759e3067c5b7780445dccd86e0462e688117ef5f76594bf74ead86168dedb1426380abf061e72505d73cd0e0e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14
PID 1700 wrote to memory of 2208	1700	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d49fd05d32b4c7477d5abcb0ca99169.dll,#1
1⤵
PID:2208

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d49fd05d32b4c7477d5abcb0ca99169.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads