5d5c7dab592315c37b67be5023c76ec7b632bca07eff8a2d0da5af07a795dc40 | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:14

Sharing

Report Analysis Logs

General

Target

3720df212f68aa6f6aa1f36ece51f8ee.dll
Size

62KB
MD5

3720df212f68aa6f6aa1f36ece51f8ee
SHA1

33065723d67f1be9a9445773d380f551cf6fc965
SHA256

5d5c7dab592315c37b67be5023c76ec7b632bca07eff8a2d0da5af07a795dc40
SHA512

a159638a3cf0b1e22748865fb22bbe4c6f2012d53b7ac2071e1219f5ecc982edb4bd087491fcd7706d360c069583a30aeed0549f1b16a122d897e1588a7cd46d
SSDEEP

1536:lORQCIsEU5IDSKc1aEJXvkUB88iulLBeZi+MSn:LOgSK8j/cTmBeI+MSn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28
PID 1756 wrote to memory of 2288	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3720df212f68aa6f6aa1f36ece51f8ee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3720df212f68aa6f6aa1f36ece51f8ee.dll,#1
  2⤵
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2288-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2288-1-0x00000000001A0000-0x00000000001A9000-memory.dmp

Filesize
36KB

Download