66f1538830834389e7d20efb83edcc8a632e6b1be6e421f7b11cabd026d06a70 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13e93a9125414009ecc770457cdd41b9.dll
Size

6KB
MD5

13e93a9125414009ecc770457cdd41b9
SHA1

5265279b375677e89bd51adfc35b83c63330055b
SHA256

66f1538830834389e7d20efb83edcc8a632e6b1be6e421f7b11cabd026d06a70
SHA512

fa59377b4e05706ed8779fa1644013dd98704140e787b3ef3bfe9787ab4d86602072ee08a8a55e8249e3067932769d0f60f5ad45f9dadd7d1719ccc8871140d0
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G02B+BDq9J5S2:0QDV8FscMjsLFV3uB+FqX5S2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28
PID 2188 wrote to memory of 2392	2188	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13e93a9125414009ecc770457cdd41b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13e93a9125414009ecc770457cdd41b9.dll,#1
  2⤵
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads