7f91210a8dc7cab2ff2e4c5fab6e191c0889e1f3b385ec2f97a4bcbf56d7a4af | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:03

Sharing

Report Analysis Logs

General

Target

275d0a9592f613c47e5386d2e3f0325a.dll
Size

54KB
MD5

275d0a9592f613c47e5386d2e3f0325a
SHA1

232156f80c79d86dc8961d156007e1d74ed08b27
SHA256

7f91210a8dc7cab2ff2e4c5fab6e191c0889e1f3b385ec2f97a4bcbf56d7a4af
SHA512

45d3c6489ea72153eb84b1613248311a12e535b24c9b8799d5d7a4e63693cff9a0ef25aaae858ad8629c25f43ef9cf68b3e24721e42e4c12dcbec159f84002d2
SSDEEP

1536:emzqy1s1ZnWq9mHsf14qigQOFif6dbb42z:eQ1qRW5MfqRuFa0k2z

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3056	rundll32.exe
3056	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3056	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28
PID 1216 wrote to memory of 3056	1216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\275d0a9592f613c47e5386d2e3f0325a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\275d0a9592f613c47e5386d2e3f0325a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3056-0-0x00000000001A0000-0x00000000001B1000-memory.dmp

Filesize
68KB

Download