6e5cc55891674a81bdbc352d752430f24008a2f3726ed81abb7864535726bb6e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e5cc55891674a81bdbc352d752430f24008a2f3726ed81abb7864535726bb6e.dll
Size

11.3MB
MD5

ba57a47aff8fce4a4944ced3ace36527
SHA1

4e48e19475e5e9b92fa6cdb1603571832c4dac94
SHA256

6e5cc55891674a81bdbc352d752430f24008a2f3726ed81abb7864535726bb6e
SHA512

5ea876ce034866542d1d1e9cd6f4d95a57dd15a04cee6c19096665fbff53231d4c68795d3613b3eca9d70790064529a045c73a1bf5dc45080f6a7962d2de5d1e
SSDEEP

196608:3cbTpLNYv74z9m6L1wjQbGGguN1yAuqNcX83O+VrZqs6E2lqraQyQ3qqxFETD:3c3kvg1WFG3cqNcX831Fr2ma5SHKD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1912	rundll32.exe
1912	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15
PID 3020 wrote to memory of 1912	3020	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e5cc55891674a81bdbc352d752430f24008a2f3726ed81abb7864535726bb6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e5cc55891674a81bdbc352d752430f24008a2f3726ed81abb7864535726bb6e.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1912-3-0x00000000710A0000-0x0000000072575000-memory.dmp

Filesize
20.8MB

Download
memory/1912-2-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1912-6-0x00000000710A0000-0x0000000072575000-memory.dmp

Filesize
20.8MB

Download
memory/1912-35-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1912-34-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1912-32-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1912-30-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1912-27-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1912-25-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1912-22-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1912-20-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1912-17-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1912-15-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1912-13-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1912-12-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1912-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1912-8-0x0000000077670000-0x0000000077671000-memory.dmp

Filesize
4KB

Download
memory/1912-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1912-5-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download