bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 07:13

Sharing

Report Analysis Logs

General

Target

0deee029f319e90c1674a1f1f2f3effd.dll
Size

60KB
MD5

0deee029f319e90c1674a1f1f2f3effd
SHA1

338a4bc617f23f02c632a399af426a0da3f09b63
SHA256

bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc
SHA512

98688f4a8ce394696ca0b714d74c92be784b77c26a17d9b90551879f9d81d08a4dc2609f6bb153ec01a70c7b7d894f91da7186fcbe373bef989427b6a9c26828
SSDEEP

1536:PSbdSCMSJq5bXgfKZMsC0MQUEN+EVM/QAU+1:6dhqpXpZMsCHaN+yE1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14
PID 2472 wrote to memory of 2844	2472	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
1⤵
PID:2844

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads