e965571d6d96c552d28c34ca8793bc06561ed8d853ac724ce9c63ccf1ab4a172 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:22

Sharing

Report Analysis Logs

General

Target

045634f9dd4eaf2f5bccbebca37faa8f.dll
Size

100KB
MD5

045634f9dd4eaf2f5bccbebca37faa8f
SHA1

afd1b0ea0445c1a1bb74fd9c5b823f4ca4f4ae9a
SHA256

e965571d6d96c552d28c34ca8793bc06561ed8d853ac724ce9c63ccf1ab4a172
SHA512

8cad475c7042b9345e000527e2809e2d45f3ae1afd765471dc7843c433e9172985bf76af6876af72d86f40e8710aede8af237ca55a2f4fad198d9bc321700520
SSDEEP

3072:EhaMqdtNFMQb7BBWfGtTcTyYcXAkomqbIy:gaMC77BpU3mqIy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17
PID 2076 wrote to memory of 1736	2076	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\045634f9dd4eaf2f5bccbebca37faa8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\045634f9dd4eaf2f5bccbebca37faa8f.dll,#1
  2⤵
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-0-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download
memory/1736-2-0x00000000001B0000-0x00000000001C7000-memory.dmp

Filesize
92KB

Download
memory/1736-1-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download