7de34b228cc9adbba044a0a12c86e025e590f667e886f2f94c7d21c159b3b314 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 17:28

Sharing

Report Analysis Logs

General

Target

VM31BTXP.dll
Size

84KB
MD5

d7ae54a6fd9b68bcb2a94d6184e01d1c
SHA1

6a3bc9efec2d2c6ca29c7eb0692f8b2c02ba45d8
SHA256

151151e8f439c89790c5932f877e0d5d7d25492dc6d11eebc23ce371bc8b7ce6
SHA512

7727cd2e628cd9692fa8d21bafd49dae2cdeb4a7dd5e2b5abe573fbbde902ecb417e8b6e23084451775856ee19b5f96acc266def18f12278e4d537c3bcb2c8dd
SSDEEP

1536:ptUwUqOWfriefIB4CybuVsP7tGv5eOUL5CfMWaKga/DaBa4a+avajaoSafan:7UJWDG6C5y8k90J6O

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15
PID 2116 wrote to memory of 2248	2116	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VM31BTXP.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VM31BTXP.dll,#1
  2⤵
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads