38d95496ad16c35f4502a01d683b5d60b9307f5111d5e5f471fd6408f6f0b8f5 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 14:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4ba5906286240ad1488119195cd6ad8e.dll
Size

68KB
MD5

4ba5906286240ad1488119195cd6ad8e
SHA1

b9612c4b6c88611855504fb2dbd5095c1d9104cc
SHA256

38d95496ad16c35f4502a01d683b5d60b9307f5111d5e5f471fd6408f6f0b8f5
SHA512

1d28f92e8568921f46f7a019614ce966bed6391f3f40a95ac4d4c0f4f9c67e655b18357bc5220a8ad8dc9076a15f7b555e7fec0b6e4257c96893f2d6dc930b49
SSDEEP

1536:ScWniLoisRWgCMA2mEk0GQMINWK3d6QrKA:SpniUiaWPMqpTysKAiL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28
PID 2460 wrote to memory of 2148	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba5906286240ad1488119195cd6ad8e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ba5906286240ad1488119195cd6ad8e.dll,#1
  2⤵
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-0-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download