e0c7007238c113f363cadc18914061680e82f3e20e9dfde6e188344d93db609a | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:46

Sharing

Report Analysis Logs

General

Target

208601c86066c950673e3f03626dc09b.dll
Size

24KB
MD5

208601c86066c950673e3f03626dc09b
SHA1

2a483bbc69be89c56524653a5a003e942ef3c2cc
SHA256

e0c7007238c113f363cadc18914061680e82f3e20e9dfde6e188344d93db609a
SHA512

78378f21cd704c9a50dcce4c32c805bacc858c7e003a98c1709aa980725a544e477ea00d507d844a734be09756d240758704ab0f3e815c0f2c3d6a6f8df47543
SSDEEP

768:SpMGQuW00SXm8qcZ1augDdkfc5qJumUWPsYIY0:SyGQDSXmQMdklumUWPsYZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16
PID 2896 wrote to memory of 2232	2896	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\208601c86066c950673e3f03626dc09b.dll,#1
1⤵
PID:2232

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\208601c86066c950673e3f03626dc09b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2232-0-0x0000000010000000-0x000000001004E000-memory.dmp

Filesize
312KB

Download
memory/2232-1-0x0000000010000000-0x000000001004E000-memory.dmp

Filesize
312KB

Download
memory/2232-2-0x0000000010000000-0x000000001004E000-memory.dmp

Filesize
312KB

Download