016cf589c18adf3f3bb76b9889f17ee8a320997110dcb409c50774317015f80d | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:27

Sharing

Report Analysis Logs

General

Target

05973e33b088ae5974e7868cb23d39ca.dll
Size

1.0MB
MD5

05973e33b088ae5974e7868cb23d39ca
SHA1

7f447ce77cdc484a535eb9a232b0657f9394f3be
SHA256

016cf589c18adf3f3bb76b9889f17ee8a320997110dcb409c50774317015f80d
SHA512

ec4ac5b6bcacd23e1a8bf2f8c5c0be5eff7d1d4b44030c08a81166f7b1015f0814c8b25aa552f659b9c9d862dda3120fe4ff42b11417bf815815492954600ac6
SSDEEP

24576:c9FZ1lACbbqkyXMR+TrECZfGPn8rth0sHRNnro:c6kbUhJo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16
PID 2100 wrote to memory of 1680	2100	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05973e33b088ae5974e7868cb23d39ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05973e33b088ae5974e7868cb23d39ca.dll,#1
  2⤵
  PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1680-0-0x0000000001F20000-0x0000000002026000-memory.dmp

Filesize
1.0MB

Download