5cd5132636edfbbf6f656afd4e8d7f3989f93c1c859d438c42a07c141552456d | Triage

Analysis

max time kernel
119s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 03:57

Sharing

Report Analysis Logs

General

Target

043396afa88bc4c2a5f523721befa637.dll
Size

3KB
MD5

043396afa88bc4c2a5f523721befa637
SHA1

ca4650470cc909b6e3ee397e0e2732f27885fd6e
SHA256

5cd5132636edfbbf6f656afd4e8d7f3989f93c1c859d438c42a07c141552456d
SHA512

4664d619d8608447bea6a5f7e1e338e26c10c1b20e75e162d53e455f1fb899ac6aa38563b2e6f56732e252727b09d262b3be97a867d9507ce9a93d5e195a7f91

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28
PID 760 wrote to memory of 1036	760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\043396afa88bc4c2a5f523721befa637.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\043396afa88bc4c2a5f523721befa637.dll,#1
  2⤵
  PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads