3fdb8cbd56159362839dba27c837e41b7c32abb432458dd5af39fc302afdcfa6 | Triage

Analysis

max time kernel
122s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 10:22

Sharing

Report Analysis Logs

General

Target

66e1487406d0674da87c2d110286714a.dll
Size

220KB
MD5

66e1487406d0674da87c2d110286714a
SHA1

6ea84195615f62f957782190a40f77ac149a8418
SHA256

3fdb8cbd56159362839dba27c837e41b7c32abb432458dd5af39fc302afdcfa6
SHA512

42028dcfc249a45e176a3e1b0ea73872b24dfd7671532708562ee41777d504fc8ac37cdfc966a3fca2c6bf1a757b43d69913e5b110fc50e4662d6f74aac582d0
SSDEEP

768:xeSJtXthyDMWiWYtCiFEMeYcBBQARQkQmpG0S:rJt9KMbtR2MeYcBBQARR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17
PID 3004 wrote to memory of 2152	3004	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66e1487406d0674da87c2d110286714a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66e1487406d0674da87c2d110286714a.dll,#1
  2⤵
  PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads