c413936196daeeb1fa6c04dd153a97910b6ca0ea2e87cb423670cffbb2d79ac2 | Triage

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:31

Sharing

Report Analysis Logs

General

Target

49d202658d6d7810940166ba6ef9e4ff.dll
Size

56KB
MD5

49d202658d6d7810940166ba6ef9e4ff
SHA1

883fb80fdb1433c8cc61cfd74f6b726e75c52ee1
SHA256

c413936196daeeb1fa6c04dd153a97910b6ca0ea2e87cb423670cffbb2d79ac2
SHA512

be7ed7a952a5ed4b5356322d954a6fda87f4cdd180132cb3dc70d655c2a31fa41ecc0772bd23c60012deaa199fbbdbbe67c74b499d0a4a8684cfffe25b540441
SSDEEP

768:JpON/xpyeAXo9aq8vNH1P3URpFTTRc1zo3IHAe:yN/CpoHkd16tpF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28
PID 1512 wrote to memory of 3048	1512	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d202658d6d7810940166ba6ef9e4ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d202658d6d7810940166ba6ef9e4ff.dll,#1
  2⤵
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads