cf99767a7fa958c313a134f5bc9b91b45a75ff70e68a0a3583b365597267c827 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:33

Sharing

Report Analysis Logs

General

Target

18a2c170d1bac142fb628b52ee491d06.dll
Size

32KB
MD5

18a2c170d1bac142fb628b52ee491d06
SHA1

f0a5e09419bd9620026ac0920372521e119efa5d
SHA256

cf99767a7fa958c313a134f5bc9b91b45a75ff70e68a0a3583b365597267c827
SHA512

2a06fb2148368bff1363902c61720a289adbca3bc569f32ebeaccbcfc099f3f49496568faeafe5e7dc198f90c1db72add6203ce9f9c69cfdda03d363f3f299d1
SSDEEP

768:ID1/bMP6LQtyBupFI7xf37/A/xIShVDDRk63k/K:S1/bMP6kAuQ1f7/AbHPRWy

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28
PID 2216 wrote to memory of 1712	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18a2c170d1bac142fb628b52ee491d06.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18a2c170d1bac142fb628b52ee491d06.dll,#1
  2⤵
  PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads