983125f65030e0b469ac95d1cd1d6c714afa811e4424261b37e4794f55d4b76a | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1301b85e33054fbac46cb496ed3a20b3.dll
Size

31KB
MD5

1301b85e33054fbac46cb496ed3a20b3
SHA1

b78b6297679d84e765521d74ac774581c1cef2aa
SHA256

983125f65030e0b469ac95d1cd1d6c714afa811e4424261b37e4794f55d4b76a
SHA512

3f9825b29428f8cd0df7e7c07b41eb5d1fa9b0c46a2373ae50f27a274ff36f038bd21aadd64d037c455d43054e9ce9d21d84a6856dc7844db8199427198cb3cf
SSDEEP

768:qLJWA1CqWe0PamHQ267tM/AChqDERIEjN7:8kA1kPamM7tEhkYRIEjx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19
PID 1692 wrote to memory of 1228	1692	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1301b85e33054fbac46cb496ed3a20b3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1301b85e33054fbac46cb496ed3a20b3.dll,#1
  2⤵
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads