dcf1c2018d776beac7be69ab8b225419701c6c0edfd5dc240c142c9475d8c918 | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:40

Sharing

Report Analysis Logs

General

Target

08b7414528be57dcdb3c0cf1893214d5.dll
Size

2KB
MD5

08b7414528be57dcdb3c0cf1893214d5
SHA1

568f3e5241452fd282007378a1e900063a7c8672
SHA256

dcf1c2018d776beac7be69ab8b225419701c6c0edfd5dc240c142c9475d8c918
SHA512

d99f0cb11876f4baeeaa02c0d01b4783a4ef76da0b3764926884bac22ea587a55c5d5c412a64a83dce39be67099357e50f7004784683a554576c4ea31c45e4bf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19
PID 1080 wrote to memory of 2368	1080	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b7414528be57dcdb3c0cf1893214d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b7414528be57dcdb3c0cf1893214d5.dll,#1
  2⤵
  PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-0-0x000000006A9D0000-0x000000006AB25000-memory.dmp

Filesize
1.3MB

Download