41ecd0ee4cd2d9b0118056352ac176719928d3576a98ccbf940970ac62804ecd | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 15:16

Sharing

Report Analysis Logs

General

Target

288f565459796da1fc133a89be9a0f3a.dll
Size

56KB
MD5

288f565459796da1fc133a89be9a0f3a
SHA1

150a84fc00bb7f9b042940f385ad7894eaca4597
SHA256

41ecd0ee4cd2d9b0118056352ac176719928d3576a98ccbf940970ac62804ecd
SHA512

bb4334b4c1efa8a877d14df6a20b7a7815b4760eaca9859945feda5fc5775aeda3a0abed55457e901a4f12cfb46e467c490a4e38090f4b9defd4ce1c1c9dda01
SSDEEP

1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk4:c8y93KQjy7G55riF1cMo0E

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14
PID 1360 wrote to memory of 1996	1360	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288f565459796da1fc133a89be9a0f3a.dll,#1
1⤵
PID:1996

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\288f565459796da1fc133a89be9a0f3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads