8de6ada8e6a7a5c79be9f77eac1aca90ab85b707b023f7b56dad48eeaaa1b1b6 | Triage

Analysis

max time kernel
121s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:19

Sharing

Report Analysis Logs

General

Target

133eaf6986d34ee91c368eb5fbe54dcd.dll
Size

65KB
MD5

133eaf6986d34ee91c368eb5fbe54dcd
SHA1

e326b1a87d90571d2f9d70306317020526f97b57
SHA256

8de6ada8e6a7a5c79be9f77eac1aca90ab85b707b023f7b56dad48eeaaa1b1b6
SHA512

db262d7bbf792e16afe813f29b4a3963d9b82635c15f90ea60d9c525a61a312e1cdee134771776b494a7de9a4259293c568e3b85eaf56d48a5adaa22a14afd23
SSDEEP

1536:cY3mAjCdAe8piq31FfL91GkoJGTXuKP4r5sCp:77C8pi7dJC365sC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16
PID 2268 wrote to memory of 2748	2268	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\133eaf6986d34ee91c368eb5fbe54dcd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\133eaf6986d34ee91c368eb5fbe54dcd.dll,#1
  2⤵
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads