9c1cebc2927395069711c01e8037950e0b26f56af12a225589d942c3612375f0 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0fc4f81112953bd3b077a8747bf8faa6.dll
Size

1016KB
MD5

0fc4f81112953bd3b077a8747bf8faa6
SHA1

65851b3268de95c1bcf386fd2f0c09f10fd4fda3
SHA256

9c1cebc2927395069711c01e8037950e0b26f56af12a225589d942c3612375f0
SHA512

6835eaa5e6137b1c517cd33cfb6ac516b872923fbc1ab41d51ff5a5a28faa95fcd83045ec2e4e10502b92e21c0a11ce42d6d9ac64cb8e2faca26f84a8699494a
SSDEEP

6144:MxEp4XDJWzbRh0ScU+nBS6VEfuOCQ895jcM1:M+NzbRaSQSX3S95R

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23
PID 1332 wrote to memory of 2384	1332	rundll32.exe	23

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fc4f81112953bd3b077a8747bf8faa6.dll,#1
  2⤵
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2384-0-0x0000000000200000-0x0000000000216000-memory.dmp

Filesize
88KB

Download
memory/2384-1-0x0000000010000000-0x0000000010103000-memory.dmp

Filesize
1.0MB

Download