b2dc199bb25741d4d5ab2f72ea7c3abed350a60136da2da2ee7d8264bd773186 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:40

Sharing

Report Analysis Logs

General

Target

2a65edccf04a32bd04ec1c0208019999.dll
Size

101KB
MD5

2a65edccf04a32bd04ec1c0208019999
SHA1

847e4ff5fdec5278d8217c108511ca9909ef1b63
SHA256

b2dc199bb25741d4d5ab2f72ea7c3abed350a60136da2da2ee7d8264bd773186
SHA512

8446fcb7c56fa48cd140ec31745da0c6dabf8e0941835b9c065264d79b0d74ac90012ab1a05d6dacb484868d4f0f38900d2139c87a4d1069bea7289231fedd54
SSDEEP

3072:IDwV3fYOCWU5vgLl4537jvAwf8Hpv4Fdn:IQvKz5My53vvAwf8Obn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28
PID 3032 wrote to memory of 3044	3032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a65edccf04a32bd04ec1c0208019999.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a65edccf04a32bd04ec1c0208019999.dll,#1
  2⤵
  PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads