20a957255fac600eaa016b36ed6e1817080354875fda35f600f58aa9d10517e0 | Triage

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:00

Sharing

Report Analysis Logs

General

Target

095b85f8f7cedbc14d0fcf2b53ca4341.dll
Size

1.0MB
MD5

095b85f8f7cedbc14d0fcf2b53ca4341
SHA1

0efaeada1a7b0f2aefb3ce8c6ca6c6d06a06d603
SHA256

20a957255fac600eaa016b36ed6e1817080354875fda35f600f58aa9d10517e0
SHA512

61f49997d7f3bc3c6297ea1a00ce1577b48d4075f6e98837366ea05e997ec4098a95a92023ac01815c345f8db4a01dd6a5bffcf268e66d6bfe6d63be88841f18
SSDEEP

24576:tey9++YnuoWC0cu+pS0+M3tb0pvaep5ZploCz:59+1u5CVu/0J3tCieDhoCz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28
PID 2756 wrote to memory of 2904	2756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\095b85f8f7cedbc14d0fcf2b53ca4341.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\095b85f8f7cedbc14d0fcf2b53ca4341.dll,#1
  2⤵
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads