96b313f37530f76b9ed888e9f796c4bc476aa46d6995318ad24ddf7633265e9e | Triage

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:29

Sharing

Report Analysis Logs

General

Target

7288d68b6ca96c207603106735df270f.dll
Size

42KB
MD5

7288d68b6ca96c207603106735df270f
SHA1

6619e2c3dfb864b394ccd94c079b393aa2258ecc
SHA256

96b313f37530f76b9ed888e9f796c4bc476aa46d6995318ad24ddf7633265e9e
SHA512

60d3487ac23303272346eec8751f75aa5ad92742dfa0b9109f971334a52fb8c1db024e6f0ebb6489854dac7ce397a563512b79e783713806d296bed9354b0198
SSDEEP

768:7wlgrXCa2eysN4rjBnGLIfqhohqAbdyLb1o9yia:jr/2wN4NG0SChXb81oYi

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16
PID 1240 wrote to memory of 1936	1240	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7288d68b6ca96c207603106735df270f.dll,#1
  2⤵
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/1936-1-0x0000000000870000-0x0000000000946000-memory.dmp

Filesize
856KB

Download