1eb510307556d1ed46457852404fcc35aa3ab2f4aae8ea118076f12fa1a06252 | Triage

Analysis

max time kernel
76s
max time network
43s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c8bcaa1637ac2d5fe8a40fc61c8ce10.dll
Size

13KB
MD5

0c8bcaa1637ac2d5fe8a40fc61c8ce10
SHA1

313bd19492da3eb8cd4842b982ca66cca1624458
SHA256

1eb510307556d1ed46457852404fcc35aa3ab2f4aae8ea118076f12fa1a06252
SHA512

8ab978603c3addf4b5b67f2cddc5bc0d22c13858a7402ca88a7a8a857808f5915a7bce845874548fa72016e17888349691292ae6e5a461f97eb5c792d8110f7a
SSDEEP

192:uPLXtf3j64aURjOqdEkkvJQfFb1511/uNDu8C4hu:iLdf3hRj5dEkkqtbku8nw

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1952	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 740 wrote to memory of 1952	740	rundll32.exe	28
PID 1952 wrote to memory of 1208	1952	rundll32.exe	7

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c8bcaa1637ac2d5fe8a40fc61c8ce10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c8bcaa1637ac2d5fe8a40fc61c8ce10.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1952

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-2-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/1952-1-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/1952-0-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download