ba3ff52d01f304c78c49b3a1336f85c9a4390ef947fb4186ca97c02701707f73 | Triage

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:05

Sharing

Report Analysis Logs

General

Target

3eed614f154c922d10fe4e04433a92d4.dll
Size

28KB
MD5

3eed614f154c922d10fe4e04433a92d4
SHA1

10d468ed92e214a61b866db53a28525f4f885e8f
SHA256

ba3ff52d01f304c78c49b3a1336f85c9a4390ef947fb4186ca97c02701707f73
SHA512

55ced2cddd6af8bb4c8fdc97b1dc4c95be5de65cd26d32c3ef63c74a0e3b5a1955fb8e846c2e7efdf2b8bc4b30c7d97df18b21117b223f22751a22056914e43c
SSDEEP

768:Ga0syW6p9F5Vx5zuWWnR+nt9MBBQARQkufVZql:6Wu3Q+tmBBQARMq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28
PID 1972 wrote to memory of 2280	1972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3eed614f154c922d10fe4e04433a92d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3eed614f154c922d10fe4e04433a92d4.dll,#1
  2⤵
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads