2a7775406db956138ae7a2f10f9b97bfa1a5c2d5f065fdefeb4c0564121210ea | Triage

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 03:02

Sharing

Report Analysis Logs

General

Target

42992d9161efa4b0179d224b2069ccd4.dll
Size

222KB
MD5

42992d9161efa4b0179d224b2069ccd4
SHA1

17111e6255795cdb040ec9990a512b2e9bf36677
SHA256

2a7775406db956138ae7a2f10f9b97bfa1a5c2d5f065fdefeb4c0564121210ea
SHA512

7c6b3c188dd59baf3a538ff6c9ce119c8983bce7cdd7603f1565e084b4840383a556a93d273cdebe3e30b00cce4a349d12f96aaa2835ea676ef8eec89f01781c
SSDEEP

3072:vi/+TpLKSlMoq59hGUz2QR5ZIy0zc3bJVSC2/tuQBnYHFgKt:QMps3LZrUcaA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28
PID 2216 wrote to memory of 1476	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42992d9161efa4b0179d224b2069ccd4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42992d9161efa4b0179d224b2069ccd4.dll,#1
  2⤵
  PID:1476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads