0b78f29798e9a536e85db8c8b481b2083cdf557cd240b2aff0d1f504058c0911 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 02:18

Sharing

Report Analysis Logs

General

Target

4c3dda25865f0a8326af11c5a1b771f8.dll
Size

40KB
MD5

4c3dda25865f0a8326af11c5a1b771f8
SHA1

02b59c1fdf4498e99bd7335f52199c21bae4f795
SHA256

0b78f29798e9a536e85db8c8b481b2083cdf557cd240b2aff0d1f504058c0911
SHA512

a530903cf0857de6dfa4109ea8bb022e375a8e4b8af2b9b57ec3c50a000dc0adc4827fa5c48626124c7ea8c245251b541466cffbac6d192424e295d6dcc26fc8
SSDEEP

768:wWT4H771E0dJq+ne4ZBBQARQkH6QhHA/:1T4vtVe4ZBBQARvm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16
PID 2988 wrote to memory of 3000	2988	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c3dda25865f0a8326af11c5a1b771f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c3dda25865f0a8326af11c5a1b771f8.dll,#1
  2⤵
  PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads