cf614e9701e67133d2644a1c591f5fd0695a891458c7fb58b0ad53c12b4bb0c8 | Triage

Analysis

max time kernel
54s
max time network
33s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:24

Sharing

Report Analysis Logs

General

Target

670cfec05ebac3398474f5875e16dc00.dll
Size

3KB
MD5

670cfec05ebac3398474f5875e16dc00
SHA1

b1e696895fbdf12f6ba528cafc558855479576f9
SHA256

cf614e9701e67133d2644a1c591f5fd0695a891458c7fb58b0ad53c12b4bb0c8
SHA512

7ec1e794e91654e45d0f2bd34d231687a482354dbf71827f47085fa96f8aa3accfa9156e14d907ac5e7fc1af155a963ba84452a8b3e05848dba5dc63c6eaf40c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29
PID 2924 wrote to memory of 2700	2924	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670cfec05ebac3398474f5875e16dc00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\670cfec05ebac3398474f5875e16dc00.dll,#1
  2⤵
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads