b3f091b540eb465dd3a102e3c354dcfa98d0412fb6c3d035d37cf59ecaf2b538 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 01:24

Sharing

Report Analysis Logs

General

Target

491941b79d88d7786dc1f6d973b2fd5a.dll
Size

81KB
MD5

491941b79d88d7786dc1f6d973b2fd5a
SHA1

cdc4b762c2df884e05f2997a0d416c6ec18330c3
SHA256

b3f091b540eb465dd3a102e3c354dcfa98d0412fb6c3d035d37cf59ecaf2b538
SHA512

e289f83ae2e0bb696ea448c32d725f64512834886fa8e4102509a72eef2ac580d64b6c385f80083c38ca28ff4bc5daa1661a7370eafe8d6498a906688a8659b2
SSDEEP

1536:GjbW89XQ7DH62ZnrweUXSR0zss8GSq59LcR3WlK9R:Gjbp4ttweB0g/Wto3WlE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16
PID 2416 wrote to memory of 2940	2416	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\491941b79d88d7786dc1f6d973b2fd5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\491941b79d88d7786dc1f6d973b2fd5a.dll,#1
  2⤵
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2940-1-0x0000000000100000-0x000000000010F000-memory.dmp

Filesize
60KB

Download
memory/2940-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download