11b8a85e3af7898c23fcb8743f734f5ec569633082764cb6064ca914ea38c3fe | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 05:54

Sharing

Report Analysis Logs

General

Target

4833a9f63907c3e83481f879129a4156.dll
Size

72KB
MD5

4833a9f63907c3e83481f879129a4156
SHA1

caaf240ee9cc4e8fedc6f2c74bfdc5f8415cff7a
SHA256

11b8a85e3af7898c23fcb8743f734f5ec569633082764cb6064ca914ea38c3fe
SHA512

fe9ffd4ef883d6991fa1a01824e36638af712b916f8f619ded05142384ecd269a98daf75eed63d12a594a1a7504514a6cf6f812002339e071041f500c23151a4
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15
PID 1720 wrote to memory of 1752	1720	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4833a9f63907c3e83481f879129a4156.dll,#1
1⤵
PID:1752

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4833a9f63907c3e83481f879129a4156.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads