e77909de347c71672e2d353b0c688e47e03b22119bbdf5d7a371db296bae0fff | Triage

Analysis

max time kernel
148s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 16:02

Sharing

Report Analysis Logs

General

Target

7b13d0e8b5671bca5a8cda09fb197e12.dll
Size

119KB
MD5

7b13d0e8b5671bca5a8cda09fb197e12
SHA1

a7369193587f6715cab5e939c1ce1b7afc15a001
SHA256

e77909de347c71672e2d353b0c688e47e03b22119bbdf5d7a371db296bae0fff
SHA512

4a827085d4524532c6d4a9d4d036c5471cf4a060537a75025a52f9dc066707de13e4e08fd8a4f0bdf3daa8df986ee0792cdc4d96850dbce41cec8b2ae149de14
SSDEEP

3072:hQPki7MKOz6FSwIhfwgK15IDqsaPl52wAXuh9:6r8gm7aP4uh9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 5108	5060	rundll32.exe	14
PID 5060 wrote to memory of 5108	5060	rundll32.exe	14
PID 5060 wrote to memory of 5108	5060	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b13d0e8b5671bca5a8cda09fb197e12.dll,#1
1⤵
PID:5108

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b13d0e8b5671bca5a8cda09fb197e12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5108-0-0x000000003B400000-0x000000003B43A000-memory.dmp

Filesize
232KB

Download
memory/5108-1-0x000000003B400000-0x000000003B43A000-memory.dmp

Filesize
232KB

Download