67cda8da433c3add5d68ffa2c6f4f86291fe602ae2417d2e9646ad560d1ae16b | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 21:31

Sharing

Report Analysis Logs

General

Target

54a1ca89d020cea756e07902e1dc4b7f.dll
Size

110KB
MD5

54a1ca89d020cea756e07902e1dc4b7f
SHA1

43171929a6c54379d47d308b2ffadc39ab586b5e
SHA256

67cda8da433c3add5d68ffa2c6f4f86291fe602ae2417d2e9646ad560d1ae16b
SHA512

80cf77fe72db5fcf610f91b5ba3c10ee15ddd5ed5f3689e94f38004977875be70cc37f778ebfe73d864a056b8d48c91c38e4520366839aa168f911c41267388c
SSDEEP

3072:j7SnjedSk6M2jPm5EV/v8FBH1hze4nz1sk3:jqeck6MOPpKFBVleMz1sk3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14
PID 3020 wrote to memory of 3040	3020	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54a1ca89d020cea756e07902e1dc4b7f.dll,#1
1⤵
PID:3040

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54a1ca89d020cea756e07902e1dc4b7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads