2c9e5817434d043513f6a3fad064f123439df40ed98599f71f0a02a3c4e4fbdd | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:25

Sharing

Report Analysis Logs

General

Target

345eff600a8a8aafe03bed91dff79861.dll
Size

6KB
MD5

345eff600a8a8aafe03bed91dff79861
SHA1

faa6ce0880c06c7648e699d5991a8e633f5879bc
SHA256

2c9e5817434d043513f6a3fad064f123439df40ed98599f71f0a02a3c4e4fbdd
SHA512

c8a326acf9da5ffc409daaf25d7a750e32806564ea2840f0f4e377112733f967575f737bd3b387057c9ae5048e098ed9f8e0e7ef344a2fe680578c4d23eac1ac
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0vgB+BDq9J5SH:VDa9VUX9bQWIB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14
PID 1712 wrote to memory of 2212	1712	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\345eff600a8a8aafe03bed91dff79861.dll,#1
1⤵
PID:2212

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\345eff600a8a8aafe03bed91dff79861.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads