0c18f794e55f9ac2ce73efa27286c18df90630e02d4ceb6b88300573917adaf0 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 05:21

Sharing

Report Analysis Logs

General

Target

52a478b0712258586ff4f3b62b3e15cf.dll
Size

72KB
MD5

52a478b0712258586ff4f3b62b3e15cf
SHA1

9dea479c00ee86bd4ed411ebd825abf7fc1fe5d2
SHA256

0c18f794e55f9ac2ce73efa27286c18df90630e02d4ceb6b88300573917adaf0
SHA512

6c28e8e6452f5a731dee2ec33d4b58c52460fa49d34ac4d29ec0d2425578b454baaffc914b20930a759e6da4fe83b4a880bba409af64b96f3d3ec5be1511a85a
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14
PID 1660 wrote to memory of 1888	1660	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#1
1⤵
PID:1888

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52a478b0712258586ff4f3b62b3e15cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads