e92419ecd13beafcc1de86d6c0d554f51b70db0cb01faf14069ba81d0d430621 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 07:07

Sharing

Report Analysis Logs

General

Target

2cbf5ffb2f873a9409fa15bd46ce957b.dll
Size

72KB
MD5

2cbf5ffb2f873a9409fa15bd46ce957b
SHA1

0dcf1ea995d4d39cfc06b542b9c8d98addba6423
SHA256

e92419ecd13beafcc1de86d6c0d554f51b70db0cb01faf14069ba81d0d430621
SHA512

738635015d381eb9f4e0ed8fc59a70c9dbc9daf70669238de69100535c8c1e38c334d2dac35209635530dd84366e865d8b16cb05ab4550c3f7b54890481bc420
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28
PID 2184 wrote to memory of 2880	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbf5ffb2f873a9409fa15bd46ce957b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbf5ffb2f873a9409fa15bd46ce957b.dll,#1
  2⤵
  PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads