a0e28f0adaa9d94749ac87434c3d23339ace929ea9c549f2af2bccbd0c723e17 | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:42

Sharing

Report Analysis Logs

General

Target

iexpress/W95INF32.dll
Size

4KB
MD5

fd80a30e65c3b45e00011c937693cfa4
SHA1

8f2a7c47e1ba4eaa5f675f7c95aac80bda88c006
SHA256

6e790f1424b4b5c892e3f32c5234c628d4587f9908ab72f0a455aa539bfa94e3
SHA512

9fcf18719d4c6eecb98c9f5573e28f791b30c3063033ad05aef9be1dbd9722dd05ff260a47e7f300d332437572ab01063fdd5902618bf0156e9855bee2dfe672
SSDEEP

48:6j3ME+xFUdzya+afSWbvgFLCBZW3IeIfXNFk5WgF:NUya+aZv++PWWXNyWg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28
PID 2256 wrote to memory of 3012	2256	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\W95INF32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\iexpress\W95INF32.dll,#1
  2⤵
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads