b38e18f7055a8773a06fc900adf5f8361b12ecdf363f59ab54bd687594e54969 | Triage

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 18:43

Sharing

Report Analysis Logs

General

Target

pwdmana/PswDll.dll
Size

49KB
MD5

47ec1fe0eb755b6b3a19fc9285a20da0
SHA1

778214fe2d2f941f5e4caae009038e880f32f308
SHA256

84fb508d44cfa2e2d66e682110df94929c95ff2c4065cabbb2c075cf0eee10e8
SHA512

41111877fc6e3526fcaf2d9d7a24e3108f8b1926c4d0d58f51f57009948dd7e9cf5c1145ee037687c276346f1b1ab73614ba1ebdddce05145c52896a4666ba73
SSDEEP

768:QspGfi5KuPPX01148HFuZaX7YiaeLKLCbmW/Nro6yjBAnDMZXl+vk:xfs1SA6U3+LCSWVrobKnYZXl+v

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27
PID 2028 wrote to memory of 2384	2028	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pwdmana\PswDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pwdmana\PswDll.dll,#1
  2⤵
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2384-0-0x0000000000160000-0x0000000000183000-memory.dmp

Filesize
140KB

Download