a95ea31f9bd21ef9ea116b1aaec7496d31db0f79cc722d0408b2a6121b2b4868 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:34

Sharing

Report Analysis Logs

General

Target

071166cde5ad640d1a0e7bdc0455f1a5.dll
Size

19KB
MD5

071166cde5ad640d1a0e7bdc0455f1a5
SHA1

cfdc39554dc6422873bccd1c535f033a6f8f8591
SHA256

a95ea31f9bd21ef9ea116b1aaec7496d31db0f79cc722d0408b2a6121b2b4868
SHA512

ab237c256f7cde159c770c8c66f92a444522226a8cc2131508dbf267bd36a5df6dc209b4a59eb6e7df2854587f9c4f3aa3ca6a0c5a994dc70c019ce5362ee9ae
SSDEEP

384:eJJeUJFzFBGsCMAmbGxymkX6e2orip1ueM:ejhzF8sCMFCMp9Brs1pM

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
2	1944	rundll32.exe

Suspicious behavior: EnumeratesProcesses 56 IoCs

pid	Process
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe
1944	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14
PID 2400 wrote to memory of 1944	2400	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\071166cde5ad640d1a0e7bdc0455f1a5.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1944

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\071166cde5ad640d1a0e7bdc0455f1a5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads