db7fa476d7fcee8efc8d90e07bf8f21ee08773ec53db1e45a678a0e46782ff34 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:21

Sharing

Report Analysis Logs

General

Target

29ce24c604c128b3c8a5d9f970217c8d.dll
Size

60KB
MD5

29ce24c604c128b3c8a5d9f970217c8d
SHA1

e2ac676c12c9c3cd3afa17b5b35fc263ee02cdf1
SHA256

db7fa476d7fcee8efc8d90e07bf8f21ee08773ec53db1e45a678a0e46782ff34
SHA512

67db6a33dad2c086076b5f5d5c5b77d61c584ccd8333675c0be0010fdce1c17c8b96436fec0e1c98a109823dc4170383f32e7b044f3c12fdca820863993f4384
SSDEEP

1536:2/TRxi5II7kC3AbnUoPFTZ/rjMiYom55:227kyADUEFTZ/vMiYom55

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14
PID 1936 wrote to memory of 1720	1936	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29ce24c604c128b3c8a5d9f970217c8d.dll,#1
1⤵
PID:1720

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29ce24c604c128b3c8a5d9f970217c8d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1720-1-0x0000000000110000-0x000000000012B000-memory.dmp

Filesize
108KB

Download
memory/1720-0-0x0000000000110000-0x000000000012B000-memory.dmp

Filesize
108KB

Download