1653b6fbe2e50b1fefd856960c57be337d6d7f4c6ccad2ac2472659302d4156b | Triage

Analysis

max time kernel
121s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:00

Sharing

Report Analysis Logs

General

Target

32dc0d1e66797b9441186ef28a7bf639.dll
Size

14KB
MD5

32dc0d1e66797b9441186ef28a7bf639
SHA1

469f591e5e68546d6dbd7be1ac5d271dabef9b0a
SHA256

1653b6fbe2e50b1fefd856960c57be337d6d7f4c6ccad2ac2472659302d4156b
SHA512

ef3cc782b6ee003fb6784419e30da70a2b9cf0d4193058fa3047a63933fffa58e60164b04e1dcd8006f962e12a89200524b3f9cef2233b95d71e8705107286ce
SSDEEP

384:I/OgS3820spLSIGRWHcM2nhCxYPLg8J6WP:EOJreIVcM2MEl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28
PID 1360 wrote to memory of 2648	1360	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32dc0d1e66797b9441186ef28a7bf639.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32dc0d1e66797b9441186ef28a7bf639.dll,#1
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads