5bc4c237a9be6338038f9afe72915d6fa11f788c1d5ce684c8aaa0a4f4c0303f | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 20:29

Sharing

Report Analysis Logs

General

Target

1104e6df056730bdf56cdf150d5733f5.dll
Size

3KB
MD5

1104e6df056730bdf56cdf150d5733f5
SHA1

0d8dde096534bb15d74256e16ca7bd10c3379753
SHA256

5bc4c237a9be6338038f9afe72915d6fa11f788c1d5ce684c8aaa0a4f4c0303f
SHA512

f85920e58fb942a8ff015769399989551ec4ae3dc1ccae05e3612b3809b571bd413ebe3dd74fd625fc85a82c047220bd2968f11250917a778a6e0d1cd1fa71bc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27
PID 2724 wrote to memory of 2800	2724	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1104e6df056730bdf56cdf150d5733f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1104e6df056730bdf56cdf150d5733f5.dll,#1
  2⤵
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads