6311000cbee01df35abdd7b6ed271096ca085e8d766d98f8c07866a18b0c2879 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:22

Sharing

Report Analysis Logs

General

Target

1fdd07e96df518973a6fa4f2bce6208c.dll
Size

106KB
MD5

1fdd07e96df518973a6fa4f2bce6208c
SHA1

ba1904aef83fc0b3f087443cae2d1e7406278e90
SHA256

6311000cbee01df35abdd7b6ed271096ca085e8d766d98f8c07866a18b0c2879
SHA512

c8829d41f64e21be8ed63e53e8c84209e9eb7d10fe982be5b0761ac08630bffe639aa6ea200e8e0d99beadb37e4fe7c374aa1c62c9173d1667f2349737d1defd
SSDEEP

3072:mCaVb2b8LPAcbVPnaKjJkNcbzCIVnijEN:mCLILzEcJzCEim

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28
PID 3020 wrote to memory of 1912	3020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fdd07e96df518973a6fa4f2bce6208c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fdd07e96df518973a6fa4f2bce6208c.dll,#1
  2⤵
  PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-0-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download