d443b3646e28c097e0d04cfe1e8f80b12201be9d368a7f47358ae11c95e4f454 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 04:47

Sharing

Report Analysis Logs

General

Target

4d5f5dddf4db0d22f1e66298504952c4.dll
Size

387KB
MD5

4d5f5dddf4db0d22f1e66298504952c4
SHA1

69a1a4317e26ca91de5e3c88f14f8d73c0614145
SHA256

d443b3646e28c097e0d04cfe1e8f80b12201be9d368a7f47358ae11c95e4f454
SHA512

e741eb5e0ec5eadd0e5b8a6135bf3be71965a1d8789ecc324b771f4175683f24ed5519fa11289f70299286d2a9fbba8e81fe2798e9f3398569254e08fddb6cea
SSDEEP

12288:qon74px8IwmMvMFpKIDhLhBPz3oiA3Az3ac:qoMLimM0bthZz3ac

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16
PID 2548 wrote to memory of 2944	2548	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5f5dddf4db0d22f1e66298504952c4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d5f5dddf4db0d22f1e66298504952c4.dll,#1
  2⤵
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2944-2-0x0000000010000000-0x0000000010076000-memory.dmp

Filesize
472KB

Download
memory/2944-1-0x0000000010000000-0x0000000010076000-memory.dmp

Filesize
472KB

Download
memory/2944-0-0x0000000010000000-0x0000000010076000-memory.dmp

Filesize
472KB

Download
memory/2944-3-0x0000000010000000-0x0000000010076000-memory.dmp

Filesize
472KB

Download