7259cf616f474a5c096ab66b82225dcbc21a01b1e051e06d3fc438265d159eb4 | Triage

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 02:08

Sharing

Report Analysis Logs

General

Target

out.dll
Size

67KB
MD5

52529a1c1c7c27d035fbb221a46205a2
SHA1

6f1a155a82f6c6d0168530a86d9399e6666d8c97
SHA256

64905a9fe4b23551ebf9dce9d9dd215a984ba5dd43b6e6e432d7c5b3516a08d3
SHA512

0a5d7712122fa2db712179cc574c9fc727550fb639f7f083e26477f025cef003fe0b1f361cc429db3d1be241f9fb9136c2171b94b4f4e426032db5d92772b3c8
SSDEEP

1536:3AtzMG+p78mPwxvw3o2sPKDLPgC9KgC/:aMh0YIrT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28
PID 2976 wrote to memory of 2984	2976	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\out.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\out.dll,#1
  2⤵
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads