5891c5c8a271a445a3bee10ec9f90f8dc9be35d435a90e1eafdbf186fdf32342 | Triage

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 01:00

Sharing

Report Analysis Logs

General

Target

227208be0cd5bf25042f8d5b8e865dfc.dll
Size

136KB
MD5

227208be0cd5bf25042f8d5b8e865dfc
SHA1

207ac60f502c19f7ed01a491070003a55276cd5f
SHA256

5891c5c8a271a445a3bee10ec9f90f8dc9be35d435a90e1eafdbf186fdf32342
SHA512

35be83cbab3012b9faf60dca19bde7bc748b6163cb59c45406802281e3f0e356f2fea38b28f93f5c70eb5f96aec2df527d7e97bc7ff71a1366f7b740586dc3e3
SSDEEP

3072:hzjnfsD31Oc9H2DdIFV+KFQDR8Db+sSsofog8Zx:hzrC319oDoVAwb3Sz8x

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28
PID 2900 wrote to memory of 2480	2900	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\227208be0cd5bf25042f8d5b8e865dfc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\227208be0cd5bf25042f8d5b8e865dfc.dll,#1
  2⤵
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2480-1-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download
memory/2480-0-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download
memory/2480-5-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download
memory/2480-6-0x00000000001A0000-0x00000000001AA000-memory.dmp

Filesize
40KB

Download