11c09f21256dcba0730aa016f7423196a188c72ce8fcd0bb4ac305da7abe3c8e | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 17:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

659fb6b8ad53988986b5fdf2738a9e29.dll
Size

220KB
MD5

659fb6b8ad53988986b5fdf2738a9e29
SHA1

72782691cbaf26b517b3b32dd758115a9f47cc1b
SHA256

11c09f21256dcba0730aa016f7423196a188c72ce8fcd0bb4ac305da7abe3c8e
SHA512

229a6415fec72aaa98cedc7aca63c7507c8d78621e0836b910078b6d42f58f9b5e4dc84aff6504ed81371a51a838bed92886d0943a7d6100db5df1266130d865
SSDEEP

768:xeSJtXthyDMWiWYtCiFEMeYcBBQARQkQmpG0S:rJt9KMbtR2MeYcBBQARR

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28
PID 2580 wrote to memory of 2884	2580	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\659fb6b8ad53988986b5fdf2738a9e29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\659fb6b8ad53988986b5fdf2738a9e29.dll,#1
  2⤵
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads