e3195c250694694bba05f321aa469dece69970c75a74288cf647a4a99618204a | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:13

Sharing

Report Analysis Logs

General

Target

0ac87a3896d78b15606283427e3f2992.dll
Size

83KB
MD5

0ac87a3896d78b15606283427e3f2992
SHA1

379a7fb92eb525472f5d4f222c71ebc02d1db02a
SHA256

e3195c250694694bba05f321aa469dece69970c75a74288cf647a4a99618204a
SHA512

fbe218d47138f0ad30040989a2f30fb1e3931a89fd5f4d81b84c5ac236ecb21903b0ca04a80210afc473d7defb4fc48fc680d65e992c5e2b9b851b7ce7d3cf69
SSDEEP

1536:c1QwmRg85Yzhr0WsxAyxNXVhbJ/zzW5n/u8K3lT:EAg8mzhrenHFhbJXWV//+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16
PID 2116 wrote to memory of 2952	2116	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ac87a3896d78b15606283427e3f2992.dll,#1
  2⤵
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-2-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2952-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2952-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download