32aabdba3b61825a2ae9f2bd40c41eb3b1a13698c11e04fdaaaa1b528030b95e | Triage

Analysis

max time kernel
1s
max time network
4s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

18eeccb81f43509d0ed8e8520dfdd5c3.dll
Size

88KB
MD5

18eeccb81f43509d0ed8e8520dfdd5c3
SHA1

33558636c481b8243a495f6d9f1afe2fe1a538a8
SHA256

32aabdba3b61825a2ae9f2bd40c41eb3b1a13698c11e04fdaaaa1b528030b95e
SHA512

f1a216facb63f505a9290aaecca51ee48b27ecb5a32e1c0c254b8646359196826e52d0487d3656eceefa845f4f9febb8f46580a48b6fd31c3cbc2191f1276cbc
SSDEEP

1536:0hOub0TOvJx/Ro9bGyTdTZdJvjWyWxXoEQLSw/q5:0O0JxcbG2dTZdJCPYEQM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28
PID 2204 wrote to memory of 2876	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18eeccb81f43509d0ed8e8520dfdd5c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18eeccb81f43509d0ed8e8520dfdd5c3.dll,#1
  2⤵
  PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2876-0-0x0000000000160000-0x000000000016B000-memory.dmp

Filesize
44KB

Download