ee004ef27f9b6c467a981a9fbc7cd80584146cd48d6936bb8714f16504028f59 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:06

Sharing

Report Analysis Logs

General

Target

2956e79b303a17297e9da277a7499c32.dll
Size

43KB
MD5

2956e79b303a17297e9da277a7499c32
SHA1

dcb9383e15e672734382d9be30e274fe3c525e5b
SHA256

ee004ef27f9b6c467a981a9fbc7cd80584146cd48d6936bb8714f16504028f59
SHA512

f9bc4422a0073509476b2cf17c08710eaad20c4b1c6d8099ed59bc8d8b320e398ec88ebae25496bf10ffedc8f862b123151fb59a1d63675d9e3019a8e0c97b5b
SSDEEP

768:xkc272CWd2Zwi6YNo0pVMJkLBFZi2Id8UiEFnfQR:x52CCYWr6oVM2fZi231

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28
PID 1384 wrote to memory of 2100	1384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2956e79b303a17297e9da277a7499c32.dll,#1
  2⤵
  PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2100-0-0x0000000003000000-0x0000000003026000-memory.dmp

Filesize
152KB

Download
memory/2100-1-0x0000000003000000-0x0000000003026000-memory.dmp

Filesize
152KB

Download
memory/2100-2-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2100-3-0x0000000003000000-0x0000000003026000-memory.dmp

Filesize
152KB

Download