99c7b17585f32eb0a55c5ec61513234ce70432c726a9b5625ec62d3d3055d54f | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 04:45

Sharing

Report Analysis Logs

General

Target

5a519576ea18d75580a1343f8e32cb83.dll
Size

29KB
MD5

5a519576ea18d75580a1343f8e32cb83
SHA1

9cb7ca350fbd67c869bb3c93fbef2e3b14089379
SHA256

99c7b17585f32eb0a55c5ec61513234ce70432c726a9b5625ec62d3d3055d54f
SHA512

6f5deae4d7165e8acde94b83fcfa4c9b6e0a490d44824d033a234afdb3ccaca80a5c6c575ebb301c9f02dd93836b76df609f8ed1075da148c3eb73fa635e057a
SSDEEP

768:4mlX9clAdXCVrIRxExd/aqdAkqNGRbZIgXBCFoaGh:4UkVrmqd/aUAkqsRbaY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28
PID 3052 wrote to memory of 1388	3052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a519576ea18d75580a1343f8e32cb83.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a519576ea18d75580a1343f8e32cb83.dll,#1
  2⤵
  PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download
memory/1388-1-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download