6fbd925707f062835ae2ac1fe19ce09926d3887f5bad8a81fb4f97276f3a8b76 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:27

Sharing

Report Analysis Logs

General

Target

06e8d8524f23adcb7159d4d743fcc6a3.dll
Size

881KB
MD5

06e8d8524f23adcb7159d4d743fcc6a3
SHA1

5b071d127783884a41db4bb49c60be7526a2d9d0
SHA256

6fbd925707f062835ae2ac1fe19ce09926d3887f5bad8a81fb4f97276f3a8b76
SHA512

95212d324a9c6a993e983b13d8724b2bc2c529700557fb5388e0999e39b5efba16cdbdcadb98ef9b6dcc2613c35ac5aa5fc7d3112d64a593a9cb3d65dcd1fd93
SSDEEP

24576:OfuTIhRHK3kOHV38/VZotrnL9fBDzr5Vz:16Rruxgmrn5fV

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1252	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06e8d8524f23adcb7159d4d743fcc6a3.dll,#1
1⤵
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06e8d8524f23adcb7159d4d743fcc6a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads