a6674eed461a75c70545e2f958b50f80a88534ef80dc92b29b1b41416ca157a7 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:35

Sharing

Report Analysis Logs

General

Target

0bd55a097a063de78b03ad9d7c99579c.dll
Size

31KB
MD5

0bd55a097a063de78b03ad9d7c99579c
SHA1

1aeb888d5641ffc226c5a1420dfefe91c334229c
SHA256

a6674eed461a75c70545e2f958b50f80a88534ef80dc92b29b1b41416ca157a7
SHA512

9cdacab14327d263a20e7c825a629e555b653dd1d93c4f7ff846ecc8c06696ccd53cfc641824ee118495b878e1851518ae4d0543a61e8afe811b86cde41a0419
SSDEEP

768:BbAz0XNcY+2xUXxdtZtsbzyL3S0ZgXBmaC:B5cVMq38BC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16
PID 2392 wrote to memory of 2076	2392	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd55a097a063de78b03ad9d7c99579c.dll,#1
1⤵
PID:2076

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd55a097a063de78b03ad9d7c99579c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads