e9c565b08c4fa0a74126fd8bc38cedc00b5ee2abba0008df1631c5e53452a866 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 17:19

Sharing

Report Analysis Logs

General

Target

305a11a811ad04c5ab5399171675e037.dll
Size

2KB
MD5

305a11a811ad04c5ab5399171675e037
SHA1

2d57a580b20c6cee79f9864e6bcd155f78e7bbd2
SHA256

e9c565b08c4fa0a74126fd8bc38cedc00b5ee2abba0008df1631c5e53452a866
SHA512

1ad8c1f9f56a775cb764eb2cb950ede34af6a4059c7ea3746c3b6b4430e13b02f4d7d53b0b8bf27ab2fd18489895c1cd03287533a6546e62d5f60213b44f46bd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16
PID 2508 wrote to memory of 2928	2508	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\305a11a811ad04c5ab5399171675e037.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\305a11a811ad04c5ab5399171675e037.dll,#1
  2⤵
  PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2928-2-0x0000000075270000-0x00000000752AF000-memory.dmp

Filesize
252KB

Download
memory/2928-1-0x0000000075250000-0x000000007528F000-memory.dmp

Filesize
252KB

Download
memory/2928-0-0x0000000075290000-0x00000000752CF000-memory.dmp

Filesize
252KB

Download
memory/2928-3-0x0000000075250000-0x00000000752D0000-memory.dmp

Filesize
512KB

Download