e9ebfd5b875087f1206616da36e7b00be55313d86fc69d8c013fb07c2711eb0c | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:05

Sharing

Report Analysis Logs

General

Target

3737868bf9c6c9019263f76733a78513.dll
Size

30KB
MD5

3737868bf9c6c9019263f76733a78513
SHA1

bba72148a20ce8ac5944b1e7789d7d1a130ea65e
SHA256

e9ebfd5b875087f1206616da36e7b00be55313d86fc69d8c013fb07c2711eb0c
SHA512

2b0f5a05c2d107f65d08ee957aa44ce6603d2e6de69c6610dc0e7c2fb3b5982953dfacfc3551cd22af36c4e8839d0e451aeed84a31f303cc6588167570d28f7e
SSDEEP

384:PU2Mq9NTZFEkWYwD/l5FL/vOwUbFuJPQkq0:PU2M8L1ondFUMCe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16
PID 1736 wrote to memory of 1612	1736	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3737868bf9c6c9019263f76733a78513.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3737868bf9c6c9019263f76733a78513.dll,#1
  2⤵
  PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-2-0x0000000074E20000-0x0000000074E3C000-memory.dmp

Filesize
112KB

Download
memory/1612-1-0x0000000074DE0000-0x0000000074DFC000-memory.dmp

Filesize
112KB

Download
memory/1612-0-0x0000000074E20000-0x0000000074E3C000-memory.dmp

Filesize
112KB

Download
memory/1612-3-0x0000000074DE0000-0x0000000074DFC000-memory.dmp

Filesize
112KB

Download