e78751385d3426cbf2355a104007e81eba9a2565b3b8eada61b316315615b1a4 | Triage

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:05

Sharing

Report Analysis Logs

General

Target

13ce58c1de66d5b7f73242858f111780.dll
Size

17KB
MD5

13ce58c1de66d5b7f73242858f111780
SHA1

39191f5da9853bb9ed2cf80ef307f15629391eaf
SHA256

e78751385d3426cbf2355a104007e81eba9a2565b3b8eada61b316315615b1a4
SHA512

88a051a57a2da6a33d1dceb853ca2fea8fa2ffe098de9eacb27a5d7deea676a16a68496f4036718b89aa6ef180c011eea0118873d230fe7d06a7b5c8cd8843a7
SSDEEP

384:4BYqKj/To2Nn2SIdneX0RQ1gCPXqQ1w190WKGQWMZ:4oTZedoR1g9Qu12GY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27
PID 3040 wrote to memory of 3056	3040	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13ce58c1de66d5b7f73242858f111780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13ce58c1de66d5b7f73242858f111780.dll,#1
  2⤵
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads