9fc66f0fb7e7c13558e00b052068fe2a14a2921b58d76e4afedd610982634b02 | Triage

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:51

Sharing

Report Analysis Logs

General

Target

12a1b3511c10cb8d655e243b77c2ee0b.dll
Size

9KB
MD5

12a1b3511c10cb8d655e243b77c2ee0b
SHA1

9270388bc0ac5c884f75add0c690bfc01441ded2
SHA256

9fc66f0fb7e7c13558e00b052068fe2a14a2921b58d76e4afedd610982634b02
SHA512

88a8ebea78f2bd5cb24b31bf56d651edbdfd980ed8292870ace78c145daac9ae003e1e18409f952f314be1de3f60a4e7f4fdf9aa68e50ccb8e4d5619ec85b84e
SSDEEP

96:aVhupNUJ5D7JfC9k+ltg1nWJgpqCaN7CZkyF+1z9a3d9HxB:/eZ74k+l94q5YkX1YJ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18
PID 2688 wrote to memory of 2812	2688	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12a1b3511c10cb8d655e243b77c2ee0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12a1b3511c10cb8d655e243b77c2ee0b.dll,#1
  2⤵
  PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2812-0-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download