c3793026cc1b513f0e3d680105b4335316f2712f17610052ce24ae3375fdbde5 | Triage

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f96e3c4cf4579cf376f26d36ee80b48d.dll
Size

119KB
MD5

f96e3c4cf4579cf376f26d36ee80b48d
SHA1

fa9b98de862e9e0c0b4ed24826f4d08050944750
SHA256

c3793026cc1b513f0e3d680105b4335316f2712f17610052ce24ae3375fdbde5
SHA512

9f362c05a8a99032d48775a642356bd6ed6fcde214459c7523d7b337d485a82cf5b6fd6b5b97676f9ccb69a083e700aaea0edbcd414c597a928460b3a5bb73e3
SSDEEP

3072:/dgM9yz9Eq7YkeOMC3bGvKolQae8cOrlBfD21:/Clz9b7lePCLGvKol9jBQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28
PID 1728 wrote to memory of 2648	1728	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96e3c4cf4579cf376f26d36ee80b48d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96e3c4cf4579cf376f26d36ee80b48d.dll,#1
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-0-0x0000000074860000-0x0000000074883000-memory.dmp

Filesize
140KB

Download