5ab271cc667ae6ad14b2281756ede5281d5647bced1caf7dfbe17c8e1056f1ec | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 11:37

Sharing

Report Analysis Logs

General

Target

6b58a817339a6fa0b80a8e4822c43725.dll
Size

32KB
MD5

6b58a817339a6fa0b80a8e4822c43725
SHA1

f55acd3f0539046a33e78e8e407fdc49ff9113fa
SHA256

5ab271cc667ae6ad14b2281756ede5281d5647bced1caf7dfbe17c8e1056f1ec
SHA512

74d725b4d5310dba96aa8d849e218f5ea6fa2171105a5626df2874b58ee3370f49b9f91bc24c8f3874c77f3f913d2cce46ac9a6b581424dc85890f6efe211bc9
SSDEEP

768:2kXiFC+MQtmj5UUdF8a54xM5feT3TSPxdv4G:85jtmF58a4OeT8L

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16
PID 2520 wrote to memory of 2180	2520	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b58a817339a6fa0b80a8e4822c43725.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b58a817339a6fa0b80a8e4822c43725.dll,#1
  2⤵
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads