24ac3c80e2672fececef4662512be86f5298b165c1ed3fd02cc6ea5de972e658 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:59

Sharing

Report Analysis Logs

General

Target

0db145a2f402fd84b7eafa1a82297803.dll
Size

7KB
MD5

0db145a2f402fd84b7eafa1a82297803
SHA1

ed470d59f626acfc819fa1ddfc7b690390bdd97e
SHA256

24ac3c80e2672fececef4662512be86f5298b165c1ed3fd02cc6ea5de972e658
SHA512

66b66cea892ef562d490153848ff1648a6743080f0a089c8e1d846c1d9a6bf93d767240070481a81f6be51cc3e02e90df5c6f429600740f74aa470744e1387bf
SSDEEP

192:c6yNOLBVtPS17yxz5Cskn0nk4Xm/OdNkgUw9h:c6yNE/tY2xzI30nkbAi+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19
PID 2112 wrote to memory of 2124	2112	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0db145a2f402fd84b7eafa1a82297803.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0db145a2f402fd84b7eafa1a82297803.dll,#1
  2⤵
  PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download