b97d007d1fb516a5a8b1b39e8d9ede7844de67fe9f55facf7c1023dc97464d90 | Triage

Analysis

max time kernel
133s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 07:54

Sharing

Report Analysis Logs

General

Target

12b6dafa26cffd0f3c51c939603205f4.dll
Size

48KB
MD5

12b6dafa26cffd0f3c51c939603205f4
SHA1

4a6a3a0d2fe8258df0be283b55fb2fb266e2f0a4
SHA256

b97d007d1fb516a5a8b1b39e8d9ede7844de67fe9f55facf7c1023dc97464d90
SHA512

5c0fadb52dbd02d778826d687249de4e61875cdbc4d97c5f01c9fc7218ea7e16cff17b6aca9bb3f0b587849b7269bba2461de28bd97ac6aa5ab6df890d605706
SSDEEP

768:KH8uCdY3tCVyJtsG/IIWbEKIPPrAuamStmtsL29sS:KcuCy33Jt5obRIPjADFmt6

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
3	2864	rundll32.exe
7	2864	rundll32.exe
8	2864	rundll32.exe
9	2864	rundll32.exe
10	2864	rundll32.exe
11	2864	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1
PID 1672 wrote to memory of 2864	1672	rundll32.exe	1

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b6dafa26cffd0f3c51c939603205f4.dll,#1
1⤵
- Blocklisted process makes network request
PID:2864

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12b6dafa26cffd0f3c51c939603205f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads