68055670784b099d65526b2db076b404baa71b623fa2dd57fef252f167cfe981 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:27

Sharing

Report Analysis Logs

General

Target

pcre3.dll
Size

68KB
MD5

7ee694508dc9d6a2d570c05f51c1755d
SHA1

6d0561abee42cff741bf334969b2c6dc873db9f2
SHA256

e3ee5551add4443122768525970aad98f8540d62961e9822ff77e6593259b170
SHA512

d083ba1c1b5dd35eab4088196b0dd78dff4677d294035962f121af80500be5f4c4ee393ba87c1ff33169ae32a6b69fb411fe9318de8c8ab938cbb04d117a1b34
SSDEEP

1536:p7BfPcBGgypDHRWicA4vziYl62n0eJ1H2Qfr:p7BfPsGgypDxWLA4vuYl/TJN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16
PID 2232 wrote to memory of 2884	2232	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pcre3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pcre3.dll,#1
  2⤵
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2884-0-0x0000000061B40000-0x0000000061B6C000-memory.dmp

Filesize
176KB

Download