ac9fb718a06f5ea046a5ce765f84c202c08c45814bcd10c9e74de3dfc8301878 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 14:10

Sharing

Report Analysis Logs

General

Target

InjectionLibrary.dll
Size

78KB
MD5

64ef546a5a013f36524507e7dfc70d09
SHA1

d6d0aabdc88b7a875fd666a65194e250cd9ef3e5
SHA256

7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016
SHA512

b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b
SSDEEP

1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28
PID 2532 wrote to memory of 1304	2532	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\InjectionLibrary.dll,#1
  2⤵
  PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads