30cf20bfa873ef4671e3c42c930989f7b6a530d8fc53a94b6ccd6f096770f5a8 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 01:16

Sharing

Report Analysis Logs

General

Target

48923d98acfe02b89d88029813a080cd.dll
Size

3KB
MD5

48923d98acfe02b89d88029813a080cd
SHA1

e84e4d69eed0fa05e948dec8dec8e032045e0cde
SHA256

30cf20bfa873ef4671e3c42c930989f7b6a530d8fc53a94b6ccd6f096770f5a8
SHA512

04fe6ae7b1c79a02b0054bddef00a8c814f0a51829d508f9bfa8c167c12ddc8cb02adb6e0858c91eb1a36a9ff2adc808823868b8b4a331adf52f2a259375b50b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16
PID 1244 wrote to memory of 2936	1244	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48923d98acfe02b89d88029813a080cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48923d98acfe02b89d88029813a080cd.dll,#1
  2⤵
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads