f866bd2e91f24b3021df3b089fac2ee42f70e1961c12fa63d7d068e971208398 | Triage

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 07:16

Sharing

Report Analysis Logs

General

Target

5bf5624488fd4a9f5e7a944b08ce91a2.dll
Size

6KB
MD5

5bf5624488fd4a9f5e7a944b08ce91a2
SHA1

bd18bc8c4fa9c0fe3ee0046b2a42c07a54452934
SHA256

f866bd2e91f24b3021df3b089fac2ee42f70e1961c12fa63d7d068e971208398
SHA512

89055b0a728ed2ebe34410494990951ec30623fab0f19a8c44aa369e1747e865c691ba4a7f2f339616aee5e82c91fae9a8acb85564eda0241171823362ede9d2
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0EB+BDq9J5SH:VDa9VUX9bQWkB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28
PID 2276 wrote to memory of 2292	2276	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bf5624488fd4a9f5e7a944b08ce91a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bf5624488fd4a9f5e7a944b08ce91a2.dll,#1
  2⤵
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads