d169b3275a823c8c3bf9862aceb689eef82934346086c5bfae582c597f384b1b | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 18:48

Sharing

Report Analysis Logs

General

Target

442c1b5764825a6bcf22dead3e36b1b2.dll
Size

32KB
MD5

442c1b5764825a6bcf22dead3e36b1b2
SHA1

ac516d156ae44069f7a4f372b1fd80c6ff4df354
SHA256

d169b3275a823c8c3bf9862aceb689eef82934346086c5bfae582c597f384b1b
SHA512

272c27b922973d5a92e3740d9ac09a264c6ca92745f6f4002ddaf97387a9196e10c1b64b1e871e8b38d6217c6da100ed9b7537138015ecf4053586332640a7f9
SSDEEP

768:timk3ICoyb1VUWMR4XE3zQOwum4jnFlXmB19XXkGD:tkh7VvMRzKhwnFlXE9Xp

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16
PID 2924 wrote to memory of 2928	2924	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\442c1b5764825a6bcf22dead3e36b1b2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\442c1b5764825a6bcf22dead3e36b1b2.dll,#1
  2⤵
  PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2928-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2928-3-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2928-2-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2928-1-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download