e434a177ccbbea6e31655a567b4e80921a68cc023c769fb495a8f92eec76c51b | Triage

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 23:26

Sharing

Report Analysis Logs

General

Target

ffc54402079159b1c512739a73009bae.dll
Size

77KB
MD5

ffc54402079159b1c512739a73009bae
SHA1

63fa424d2cb75c29437a465ac2ae8471e43365dc
SHA256

e434a177ccbbea6e31655a567b4e80921a68cc023c769fb495a8f92eec76c51b
SHA512

f9d2592c12a14b8117d4e9f48508871964434fd0dcf8b5c2d376ae02f2d498a134db7e0f0e1e5b8b2e7eb0e4ae15dd3fa215c2cb59a38eebb69c418804b43970
SSDEEP

1536:BhmsNgmR8ofV0VQfMT/d00Zgk3D0VtqoucTc7q:BhJN8oCQwFvDMtqou4cu

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28
PID 1768 wrote to memory of 2392	1768	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#1
  2⤵
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads