17cfb9d2b8283012b9c4b92a13a85461115a99a3226c2d6b686b91702d1a992b | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:11

Sharing

Report Analysis Logs

General

Target

0fab57c683951cf82c5d8dbfc0fafdaa.dll
Size

3KB
MD5

0fab57c683951cf82c5d8dbfc0fafdaa
SHA1

069b32b471aa30c8fa0d078f5bb70dc0f9c6432b
SHA256

17cfb9d2b8283012b9c4b92a13a85461115a99a3226c2d6b686b91702d1a992b
SHA512

9e69b3109abeeac0604b8b104c468e9e33504eabca7392298fb6ed5879b5465e3ad51f6786b16bd46bc9e372c99c151383aae9bf604396f68b96fc354be9a781

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15
PID 2444 wrote to memory of 2116	2444	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fab57c683951cf82c5d8dbfc0fafdaa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fab57c683951cf82c5d8dbfc0fafdaa.dll,#1
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads