aa9e21f711a58e9d428e8b78eb952d755c495e3073a0f9292e1993fe823c5afa | Triage

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:13

Sharing

Report Analysis Logs

General

Target

09b85de95c0b1e7c0d01f2087f41e7af.dll
Size

14KB
MD5

09b85de95c0b1e7c0d01f2087f41e7af
SHA1

562dda03f02dd4e31331719bc44450515f085241
SHA256

aa9e21f711a58e9d428e8b78eb952d755c495e3073a0f9292e1993fe823c5afa
SHA512

f3f27cb4d81200994f09278078a430782ca1b11e7a0fa3d5d1c270472ec375a019fb58b29e5ef82fcced855b49e4263d11be4b1b9ea6f9af07c48be9bc4f587e
SSDEEP

384:6XPIiFUu5gyk87ihCGJQ3o+fveu25UuEWtV:wAfxyn7EOfm1aWt

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
2	2584	rundll32.exe
3	2584	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21
PID 2512 wrote to memory of 2584	2512	rundll32.exe	21

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b85de95c0b1e7c0d01f2087f41e7af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b85de95c0b1e7c0d01f2087f41e7af.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads