e75606fee2de946d628bce065423780c228921c167c95a7297c45989eb1fbf0e | Triage

Analysis

max time kernel
38s
max time network
20s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6188cc711e969df9428716c6655524a8.dll
Size

54KB
MD5

6188cc711e969df9428716c6655524a8
SHA1

c066bfa8e3f310140bfc986fe09ad3dfdbb4e769
SHA256

e75606fee2de946d628bce065423780c228921c167c95a7297c45989eb1fbf0e
SHA512

e5a8032682274853777a613efab10bd555192cde5a87726b6d9b6fa3549d6b615e523a60e371de847b7945726945ca6e161b0cb9ba831adb7984d7227b52101d
SSDEEP

1536:epiZea6EoqNrkSZP1rFSLZxhRXnUlPiohO:OAZ6EpNQSt1xKB9nUEp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14
PID 2036 wrote to memory of 2868	2036	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6188cc711e969df9428716c6655524a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6188cc711e969df9428716c6655524a8.dll,#1
  2⤵
  PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads