afd677937f10cb9cc1c4018a88017c174ebcead0d82d510c3c8f724d724053e1 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 16:40

Sharing

Report Analysis Logs

General

Target

700c6a64469320711cf7727425a65812.dll
Size

104KB
MD5

700c6a64469320711cf7727425a65812
SHA1

689f2790a2c3ed2508b7d63cde54c1120a953a0f
SHA256

afd677937f10cb9cc1c4018a88017c174ebcead0d82d510c3c8f724d724053e1
SHA512

f5284b973e3101d9c6bb86bbb5baa11a67ca068d2070fe4b90cde81ef7c0f3479b832ffdf202ac056c317a7dbe245bd6ca7d8652c73ce0b040dce0886d9cc1fd
SSDEEP

3072:vdty9IqRVzoBMqqDLy/afxgzsuOVVFlkJHay0z:ny9IEDqqDLuUecVfQU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28
PID 1032 wrote to memory of 2932	1032	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\700c6a64469320711cf7727425a65812.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\700c6a64469320711cf7727425a65812.dll,#1
  2⤵
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2932-0-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download
memory/2932-5-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download
memory/2932-6-0x0000000000130000-0x000000000013A000-memory.dmp

Filesize
40KB

Download