f100b4282cd77633429a0f605c8d5739324387e593c862e0179536a47a338a12 | Triage

Analysis

max time kernel
0s
max time network
2s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 10:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

48b1d975ef1033b1a710d2c0db07fb3a.dll
Size

100KB
MD5

48b1d975ef1033b1a710d2c0db07fb3a
SHA1

11e02185b68f1f5195bde413d44b2312c9268c2d
SHA256

f100b4282cd77633429a0f605c8d5739324387e593c862e0179536a47a338a12
SHA512

3ac6f5d74975c58b1ff78c9663df7902b83664eb1cd2f9ecb66da55dc14a313c9924b1727165420a8bb2c7f21dd2ea4e94f7bf3fd3cdcdbf9cf416e10e3ec172
SSDEEP

1536:enubDsGXYf4K/Q3cqqn35E4XAJB+flOLt:e8tIf4/qp/wJB+flSt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28
PID 2312 wrote to memory of 2320	2312	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48b1d975ef1033b1a710d2c0db07fb3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48b1d975ef1033b1a710d2c0db07fb3a.dll,#1
  2⤵
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2320-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2320-1-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2320-2-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download