d26d7b93ae50d2daa03941f2f00af4a0c225a5d1584c0dd101a5d821aea92999 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 03:10

Sharing

Report Analysis Logs

General

Target

SSWv6.90.dll
Size

24KB
MD5

bb672eea322db19ee84328f56aa61344
SHA1

99d4cc63788097443213949f783b536b636d9629
SHA256

aa98ade722e70d03649ea0c42e27ca2a55fbe30d2c782d179fa7e4e20f71153c
SHA512

70ad3ee0745132fac4567d9415dc4d058d426a98d3ded7595e2e683fa3baf1be5d1456f742b274e90ea97f3bd2359b790ff6b72e15b20056e2a429bf414bd385
SSDEEP

96:91eKd7z7z8F9ZjMAYCZBzwltovkT66SXbI1wp/3O7j9U/o9ri9afc2Y18ko+CT:B/8RsCZRYKoSsPj5iwk2TR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14
PID 1516 wrote to memory of 2044	1516	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SSWv6.90.dll,#1
1⤵
PID:2044

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SSWv6.90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download