168de4191da8636f508b73c117d792c6c4cb1b86573989ab3c3574a861637652 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:00

Sharing

Report Analysis Logs

General

Target

659bd9e3f86d03c55ed782c9c9eb8614.dll
Size

236KB
MD5

659bd9e3f86d03c55ed782c9c9eb8614
SHA1

8848c27e9887418439da9030e62b18b6519f2fe5
SHA256

168de4191da8636f508b73c117d792c6c4cb1b86573989ab3c3574a861637652
SHA512

9963284885cf38e63a92465df5794889ebb2ec82a96e3d6c8dca7cef8226176c1fc18d8802efec52da9a0625be1b412592eb5bdceb02842a8707f7f58ef5e247
SSDEEP

768:8wEkBce9JK+RuwD+87jLXfG4aBBQARQkqUB4H08:8womjR/+87j7G4aBBQARP8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16
PID 1712 wrote to memory of 2216	1712	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\659bd9e3f86d03c55ed782c9c9eb8614.dll,#1
1⤵
PID:2216

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\659bd9e3f86d03c55ed782c9c9eb8614.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads