86d6b788063cee36cf8a40faa81113b54d6233aaf217a8f9492d020fcb0fedcd | Triage

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06ba5e6d3af769bf88d7881afe55c69c.dll
Size

108KB
MD5

06ba5e6d3af769bf88d7881afe55c69c
SHA1

82bb652560357bd2fe9e0a56b68967cc48ef79e5
SHA256

86d6b788063cee36cf8a40faa81113b54d6233aaf217a8f9492d020fcb0fedcd
SHA512

e705efb25e4104761c446381b14769963cb27303154243159aa02a8d5219082f45b7870e9c951b9a4c846486fafde44bffba1d22f48029d4351273f772e39f79
SSDEEP

3072:YWysui0wHIOp+TtsdueorvSoSO+qtB9N6fr:Fui0wodThrvdPtB9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28
PID 2116 wrote to memory of 2912	2116	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ba5e6d3af769bf88d7881afe55c69c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ba5e6d3af769bf88d7881afe55c69c.dll,#1
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2912-0-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/2912-3-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/2912-5-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download
memory/2912-6-0x0000000000160000-0x000000000016A000-memory.dmp

Filesize
40KB

Download