23287e3a370e8fcfe89ee3b648d4359d7117d5730fe1bd2e784250fbbfba3ae9 | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e0f2460352204bb3e37f70a6f5e2d5d.dll
Size

32KB
MD5

1e0f2460352204bb3e37f70a6f5e2d5d
SHA1

3d02b6ca8e0250caa3b89ef3e4c8f0ac5a075967
SHA256

23287e3a370e8fcfe89ee3b648d4359d7117d5730fe1bd2e784250fbbfba3ae9
SHA512

418f1ad09fe38b11dc2f8d81a40272cd7ac22704e38ddd3f844df8dc23c8d3b25f09edb2c6a601322ca78197d7eae45d1bf931b19c80dbfe161d01fa736b60ee
SSDEEP

768:iUTHaQ5CPZ5mvC87Gt6ZWpNqOjsSRzVs+:iUTHb5i5mH7GtEDQRxJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28
PID 2212 wrote to memory of 1940	2212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e0f2460352204bb3e37f70a6f5e2d5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e0f2460352204bb3e37f70a6f5e2d5d.dll,#1
  2⤵
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads