229eca18ede2bfeb37278806b2a6056e6535a8ba2835dc78cc75024e814a02b9 | Triage

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:12

Sharing

Report Analysis Logs

General

Target

157f762fe71b3e5b1544ec04b1ef8631.dll
Size

1.1MB
MD5

157f762fe71b3e5b1544ec04b1ef8631
SHA1

860e8272c587beb2d46f70d235d02763312400bf
SHA256

229eca18ede2bfeb37278806b2a6056e6535a8ba2835dc78cc75024e814a02b9
SHA512

5de460a012d79b97bff0ae017cf66c71c4f61e91351e36a8962297140c9e446b71db0ca5a056ae2ef5e433c95ed59bb21f807e5df654dfe5e4c6fbbf4df87957
SSDEEP

24576:blzPWORcIblv5ugu+pS0+M3tb0pvaep5ZghNe:NPWqceBugu/0J3tCieDQe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28
PID 3016 wrote to memory of 2984	3016	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\157f762fe71b3e5b1544ec04b1ef8631.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\157f762fe71b3e5b1544ec04b1ef8631.dll,#1
  2⤵
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads