6daefeafefe02c1d0c33d9c8eece5f7d5bc4c31edd0de054db8126f7c37fe8ce | Triage

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3637f3ab850816b26e42cccdbbd004c5.dll
Size

3KB
MD5

3637f3ab850816b26e42cccdbbd004c5
SHA1

99e78cd99fa3c6bcc9d0ea50c54da03e1fd2147f
SHA256

6daefeafefe02c1d0c33d9c8eece5f7d5bc4c31edd0de054db8126f7c37fe8ce
SHA512

d88a6b29fc70b8ea1897d2dde59153b0ca53b2538017ef5e0515e2cd1ed6870af7cdecf79c81799607d8a39d84bd15a9db466f3eadc39cfc4a7d4e902c026e7f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3637f3ab850816b26e42cccdbbd004c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3637f3ab850816b26e42cccdbbd004c5.dll,#1
  2⤵
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads