ca1c90141e0b58fc5b82194120b8e30b3142b8fc5603dc22250eca26009b8b03 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 21:22

Sharing

Report Analysis Logs

General

Target

04571e6cdc6be2a9e5d63bca0e623758.dll
Size

218KB
MD5

04571e6cdc6be2a9e5d63bca0e623758
SHA1

ab248eba06531c37b694e6d6f2d063bdb6f436f7
SHA256

ca1c90141e0b58fc5b82194120b8e30b3142b8fc5603dc22250eca26009b8b03
SHA512

efc19dbe44c01bdf06e43e5d265feccbbe7cd2a34ad9d2027269b46ffcec2808774577919308cd2729c5eec78a5478bf2ea07a5542a776889aba27fec47613d3
SSDEEP

6144:O/J+8lVdLEVKlTJy+6Vj5v35yWcZQ2je:cVVdjJy+Wdf5yq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28
PID 2320 wrote to memory of 1320	2320	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04571e6cdc6be2a9e5d63bca0e623758.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04571e6cdc6be2a9e5d63bca0e623758.dll,#1
  2⤵
  PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads