3f197509d8304a8a2de270658204724217af3c533fd82b9b9efd490e180c5589 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 21:28

Sharing

Report Analysis Logs

General

Target

f95613155eb5d9aff3a8b46df28211f5.dll
Size

3KB
MD5

f95613155eb5d9aff3a8b46df28211f5
SHA1

d3a172bdbbba1f10f1e0581c0d29b04fbb8bb774
SHA256

3f197509d8304a8a2de270658204724217af3c533fd82b9b9efd490e180c5589
SHA512

247e80b9b3ce01dd16b1322e208f114880a5cb1f16e634ce315663ea47fc02610e10bab9489c15425da2f00e602e96b7f7751a8a61658311054bb5c7bb2bb75d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16
PID 2060 wrote to memory of 2528	2060	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f95613155eb5d9aff3a8b46df28211f5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f95613155eb5d9aff3a8b46df28211f5.dll,#1
  2⤵
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads