fc5be3357ec8ebca66da3419ac28bdca1b96d2af598babc59323b5c04e869035 | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:18

Sharing

Report Analysis Logs

General

Target

1dbc8750f0b3742596cf9bc7cebcea1d.dll
Size

4KB
MD5

1dbc8750f0b3742596cf9bc7cebcea1d
SHA1

ab9e61497c4fd115dfa0c599881a91e221e534f0
SHA256

fc5be3357ec8ebca66da3419ac28bdca1b96d2af598babc59323b5c04e869035
SHA512

72f827d5935b33e2a1dea034acb0e98f4c16c76547f19d369590bb014652b2775fc8b08041bb460a6c293f41ee0ad3176ec3ee2a54d0f85ce80e5032dbb96a84
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJPDJJqQZKqu5B74cAR1ZoHwPnP:MTWnRZ0lJbXmBq1CHw3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28
PID 1340 wrote to memory of 2276	1340	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dbc8750f0b3742596cf9bc7cebcea1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1dbc8750f0b3742596cf9bc7cebcea1d.dll,#1
  2⤵
  PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads