15a239826650e9fb00b0fdf647e069684265213bdbe39ecbe1ead054e091f0d5 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:44

Sharing

Report Analysis Logs

General

Target

127b2d99e5be7edb36b7491edb3fddf9.dll
Size

33KB
MD5

127b2d99e5be7edb36b7491edb3fddf9
SHA1

255474b99a33257b5d557c2e8efd80693c36cf5e
SHA256

15a239826650e9fb00b0fdf647e069684265213bdbe39ecbe1ead054e091f0d5
SHA512

8cc191eabf9e13f7a33004b10ad9c4be1b51dc401d82ad138a7f77a30ce8ba20e79b210d979ff8bfd0c7c62e03d35623b8250d70381bb56333fbce6878d42b67
SSDEEP

768:jEaVI5HfxVed0j1na778f02ONVO0xRAd7:jEaVo1j1o7802gvRk7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14
PID 1792 wrote to memory of 1572	1792	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\127b2d99e5be7edb36b7491edb3fddf9.dll,#1
1⤵
PID:1572

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\127b2d99e5be7edb36b7491edb3fddf9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads