2e8d3972c57395d4c491b14dd8924637463a60f5c15edc889b9c80eb5bf41bce | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 00:47

Sharing

Report Analysis Logs

General

Target

5215bee27cceb1de7730a247f0922a34.dll
Size

72KB
MD5

5215bee27cceb1de7730a247f0922a34
SHA1

5a7324d2f529af8c231e897160f27deb7edd94c9
SHA256

2e8d3972c57395d4c491b14dd8924637463a60f5c15edc889b9c80eb5bf41bce
SHA512

abf902b94d4c23e30de200d6a3c2193e8dac954428991a6897d21d5625704c2eb902eb4851923cbab651f2b049d9efdb0e0ef57e8310447ee7b456cdd4558c58
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16
PID 2476 wrote to memory of 1572	2476	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215bee27cceb1de7730a247f0922a34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5215bee27cceb1de7730a247f0922a34.dll,#1
  2⤵
  PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads