73a75cbf7029b38a9b24797e46d566ad4721ffcd376895288b4369ca45f61c61 | Triage

Analysis

max time kernel
119s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17cbef3cb448461adacfa97ed8040a1f.dll
Size

24KB
MD5

17cbef3cb448461adacfa97ed8040a1f
SHA1

d724e8627a246931e687589a2a652c7304f2bf56
SHA256

73a75cbf7029b38a9b24797e46d566ad4721ffcd376895288b4369ca45f61c61
SHA512

dbdeba0f8ee79bd981a19a411b7cf8e2d2203f53d9d102db2d318cc3aef8b0eb6e0e9aa7b64d915d5a28ae59fab6f781b405b3cd89f12ba55c034ac9de7045a8
SSDEEP

768:F5jiYNtmH4HADgdHJbx9rL9mHpz4o6uGny:F5jiYNtmH+s6By

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28
PID 1104 wrote to memory of 2512	1104	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cbef3cb448461adacfa97ed8040a1f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17cbef3cb448461adacfa97ed8040a1f.dll,#1
  2⤵
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads