bcf9c21926234319ee9e06fe2bfdb63cdd4072aa17d04e55536c265cdaca7552 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 18:37

Sharing

Report Analysis Logs

General

Target

5733dc7076fbc09b2b271c24db171f85.dll
Size

27KB
MD5

5733dc7076fbc09b2b271c24db171f85
SHA1

d04b40d843b13e1111f1c9b69ee60bce7092b4fa
SHA256

bcf9c21926234319ee9e06fe2bfdb63cdd4072aa17d04e55536c265cdaca7552
SHA512

d5b9e7a1c51211ed63d11650e0bbaab3e6119d4eaad4fa2fa7e446f89ee4771cdf83bda8150d5a87d58a284bbdb4afd48bb401f077e9470a7b6431b4533f1d95
SSDEEP

768:SBgg8QCnsNgTzj+ogN4jw5wQ48PfPEultq0Pt:SBmQxeSxblU0Pt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28
PID 2384 wrote to memory of 2316	2384	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5733dc7076fbc09b2b271c24db171f85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5733dc7076fbc09b2b271c24db171f85.dll,#1
  2⤵
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads