22a7bef820506413245fbf0ece3d5d69fe0d85865e6b2e2e146ac2aaa199a2bc | Triage

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 04:05

Sharing

Report Analysis Logs

General

Target

3fda19126ca1e7095a6fc6f2f98448e1.dll
Size

17KB
MD5

3fda19126ca1e7095a6fc6f2f98448e1
SHA1

9f4e83410bbf1a0e51338f3be6a0fa7808705506
SHA256

22a7bef820506413245fbf0ece3d5d69fe0d85865e6b2e2e146ac2aaa199a2bc
SHA512

f9fdf9e5aa4a4082be63f449b37fa9ef1ee4ffe58b13d9c87f1b0c1ff80457eed6dc589aa03613fa8c0e2d7617b0f02e05ac7b966b6f12ad488c533e59567ec9
SSDEEP

384:35pHHHZcmWSe1biMGxqATY4TZ3mR08FWGDnS:35JnZcmWcHx84TZ3NcS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28
PID 2640 wrote to memory of 2088	2640	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-0-0x000000001A8C0000-0x000000001A8CD000-memory.dmp

Filesize
52KB

Download