eb118af21c390163ee684f70f3aa9f4fdc4c599a0d627656c8e6bf76093bf782

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:19

Target

2174753141ce9552c240e5d4f4569fba.dll
Size

60KB
MD5

2174753141ce9552c240e5d4f4569fba
SHA1

e855128c72e23c57d928c158d5f8a95626a6999a
SHA256

eb118af21c390163ee684f70f3aa9f4fdc4c599a0d627656c8e6bf76093bf782
SHA512

e0eceff4ac507bcb4d6b7188af2997a4b8f6cf58390e5025b3460b97e170ac2a473d704cf1e2d2a96efe0485c3e6a007b10883b9cbb747e7e60b2ecbec61731b
SSDEEP

768:l5T2umehK9Bd0hlisFlgef63r7J+OQB2QOyJkeghQ:l5THhK9BMaeSR+OQFOBS

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3032	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28
PID 2992 wrote to memory of 3032	2992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2174753141ce9552c240e5d4f4569fba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2174753141ce9552c240e5d4f4569fba.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3032-0-0x0000000000120000-0x0000000000128000-memory.dmp

Filesize
32KB

Download
memory/3032-3-0x0000000000120000-0x0000000000128000-memory.dmp

Filesize
32KB

Download