03d4e005e72c8a3ca47be1b1632efc2506c50482ae3278a06e44606cdc921f97 | Triage

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 16:03

Sharing

Report Analysis Logs

General

Target

2b8d12f512ee830903ef39b7f72a035b.dll
Size

40KB
MD5

2b8d12f512ee830903ef39b7f72a035b
SHA1

5386ea84525448f8669245f6aa440ff83d222180
SHA256

03d4e005e72c8a3ca47be1b1632efc2506c50482ae3278a06e44606cdc921f97
SHA512

e7c229f0b5cc48b9d235921c0eccb170e1d6e090489d1bcb107ba53d4d7cb58882d6025432e6e2166007ecec0bd1e231f35b39ddbcf0e29e11195d32a3d6fedf
SSDEEP

768:Z0PriXnXXLAZ/vrsCGK//e4JBBQARQkPhHA/s:mPRcSe4JBBQARpm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28
PID 3012 wrote to memory of 2684	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b8d12f512ee830903ef39b7f72a035b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b8d12f512ee830903ef39b7f72a035b.dll,#1
  2⤵
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads