8f7461e22c27d70f3d41862de513a5921e6b93a6a8f22d24c1d17843cd013f56 | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:35

Sharing

Report Analysis Logs

General

Target

0a42accf89390e27c5bdbb2c6347a100.dll
Size

574KB
MD5

0a42accf89390e27c5bdbb2c6347a100
SHA1

0749679ad5d2a7219cfaa9b723104eb6cde2cb81
SHA256

8f7461e22c27d70f3d41862de513a5921e6b93a6a8f22d24c1d17843cd013f56
SHA512

50b9da29337d8c5b69a7e751934518db609a0916065fdf21e5a72f28bb31eda26227d4f64293ef2d6df85f439ad464ccf112336730c6359822991ad6dbf8a3c2
SSDEEP

12288:Xj7SI/pMkV9ZRrjBD/VnZGs9tfnqgU59T/6ae:fTnZdjJGKtf3AT/X

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28
PID 2124 wrote to memory of 1300	2124	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a42accf89390e27c5bdbb2c6347a100.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a42accf89390e27c5bdbb2c6347a100.dll,#1
  2⤵
  PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads