32b63835ff0804e730de8228b7c49a1da4248ca0888f472b956973e5b5923307 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 17:32

Sharing

Report Analysis Logs

General

Target

311f92a9a51145566e3a50d1ccdc1b5c.dll
Size

3KB
MD5

311f92a9a51145566e3a50d1ccdc1b5c
SHA1

25e13c1fd7d9faccdd498368ef28a15b47e2a340
SHA256

32b63835ff0804e730de8228b7c49a1da4248ca0888f472b956973e5b5923307
SHA512

52eb832bdb07e663573c5bf2214098c34fbe04d8a7ced827da192c884527970d80166a6893c6a478124923d99b5d6100ac3b072e106d2e3622d21c3bc00a2992

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28
PID 3036 wrote to memory of 1300	3036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\311f92a9a51145566e3a50d1ccdc1b5c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\311f92a9a51145566e3a50d1ccdc1b5c.dll,#1
  2⤵
  PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads