cb8e76ebca92e7ea4d24b21064398a9a18b7ba95c43dbd42c2ff9127d36490f7 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:36

Sharing

Report Analysis Logs

General

Target

2a3e16b30379d9f0f8b214c96741e7b3.dll
Size

17KB
MD5

2a3e16b30379d9f0f8b214c96741e7b3
SHA1

fb4cd18a3f5aeaec6d8c19c7873164651d7e7329
SHA256

cb8e76ebca92e7ea4d24b21064398a9a18b7ba95c43dbd42c2ff9127d36490f7
SHA512

2dcd0fe5f8c5c8e8dab316faf69aadf2f0de27e34f3cf8c1ffde8877764b433600504c6c195bd2d7578948fda39b743f139791d0a517727135f834ea6f215995
SSDEEP

384:H2r864GLA9utiZ6Rk3RqKD++kLLoS9xqJ2I0hFtLIHQM:WrOG1iZ6jd+kcA81

Score

1^/10

Malware Config

Signatures

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
484	Process not Found

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14
PID 1708 wrote to memory of 2080	1708	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a3e16b30379d9f0f8b214c96741e7b3.dll,#1
1⤵
PID:2080

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a3e16b30379d9f0f8b214c96741e7b3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000025000000-0x0000000025020000-memory.dmp

Filesize
128KB

Download