aae403394d995ef3dbe0ef757722696e1a10e62311ccb6e6dbeb35cac629d259 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:31

Sharing

Report Analysis Logs

General

Target

20134ad02ae986d2586c62a80a3ff416.dll
Size

28KB
MD5

20134ad02ae986d2586c62a80a3ff416
SHA1

bda3e3a95a80d327e3e286a8ae2ca1b9903c9977
SHA256

aae403394d995ef3dbe0ef757722696e1a10e62311ccb6e6dbeb35cac629d259
SHA512

85bd1a884e3ce6bcb3d66c0ffc5c62f44557028b07da2ebd9b4de612b68170aebc372e219194dabc04089d252ad283074c9f4567c271899b4e31a576a31828b8
SSDEEP

768:3HZITUOwXQDiWjDOKbWsA8cgeIR4Rv9ce5bZjG:3HyoOwguiyKbfVemWvi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2124	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2124	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28
PID 2332 wrote to memory of 2124	2332	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads