6679eca68a95ced06e14dd0642423684190625b42b50de00707e363a1f847e61 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 22:33

Sharing

Report Analysis Logs

General

Target

4214a33457e6361322b686fe44aecd34.dll
Size

238KB
MD5

4214a33457e6361322b686fe44aecd34
SHA1

0a37ad356509fdafff7a78f899985da5dc79a4d4
SHA256

6679eca68a95ced06e14dd0642423684190625b42b50de00707e363a1f847e61
SHA512

0ae983f424288b70cee1ab9c9340a8e1f9078a6cd51d5844674737daea0e53d9743b958ac6b18dfb5531ee254d680443f979ae5dee4b78fadf6319b9fdf105a4
SSDEEP

6144:ZPz1XhyGpBGeG6bxKl+5NPj7zn2mMmOJ5Fon06tR7ICH:FKUB1vNL2Z5Sn/7IC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14
PID 2052 wrote to memory of 2084	2052	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4214a33457e6361322b686fe44aecd34.dll,#1
1⤵
PID:2084

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4214a33457e6361322b686fe44aecd34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2084-2-0x00000000001A0000-0x00000000001DD000-memory.dmp

Filesize
244KB

Download
memory/2084-0-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download
memory/2084-3-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download