c01c8d17b9e83314cfe7acf87d31b8aef6503500bc07f831e48f78706522246d | Triage

Analysis

max time kernel
8s
max time network
32s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09ac10fe6bce784c88ad27c4ef8aff43.dll
Size

37KB
MD5

09ac10fe6bce784c88ad27c4ef8aff43
SHA1

f52f786be9c6ac777f465e3d33a342011a0bdcba
SHA256

c01c8d17b9e83314cfe7acf87d31b8aef6503500bc07f831e48f78706522246d
SHA512

23dedeace94f75770d7f2a3861b44401b4ae46f8a0077bc816a3c3162ef322371a56f626982abb6958e3941a7c7140b644a9f0dd7fbb0ff72dfba7047f0154ac
SSDEEP

768:wy0qJQRvLCr6bWDWAxcHQDkavRIqi3NLExx:H0qJQhLTg7cirIqCqx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17
PID 2884 wrote to memory of 1692	2884	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ac10fe6bce784c88ad27c4ef8aff43.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09ac10fe6bce784c88ad27c4ef8aff43.dll,#1
  2⤵
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1692-0-0x00000000000F0000-0x00000000000FF000-memory.dmp

Filesize
60KB

Download