2f9cc0d1d529ecd67c2c3236930130f6ce47113eb9b7611e4188c5ecb6240750 | Triage

Analysis

max time kernel
120s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 08:26

Sharing

Report Analysis Logs

General

Target

405efc4c3c40e62cfc17b5da9f5bbf27.dll
Size

50KB
MD5

405efc4c3c40e62cfc17b5da9f5bbf27
SHA1

0cf8eab46c9ed21d43077e311031cf8d3389f374
SHA256

2f9cc0d1d529ecd67c2c3236930130f6ce47113eb9b7611e4188c5ecb6240750
SHA512

9ffc26b7dc359d1be09b10f65d1bf7e8f4c371b862b7b9e6e61ed94bb82f5f7084557e8eb996eac13dd401d3095d4e0e82ca181ec9b8143db604a80c2f80bf34
SSDEEP

1536:y3idqXQVRA4vKlyivRFJQ5QnYnhTrR0GE8:koG4vUvPO5Q2R0H8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16
PID 1648 wrote to memory of 2224	1648	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\405efc4c3c40e62cfc17b5da9f5bbf27.dll,#1
1⤵
PID:2224

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\405efc4c3c40e62cfc17b5da9f5bbf27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-0-0x0000000000160000-0x0000000000171000-memory.dmp

Filesize
68KB

Download