04fb65ba9b7d80018f2bc781eda25e7ae1075d9d2148c5b9d3af16b93ed510ba | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 11:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7215729c5337181df04cf9c57159ceec.dll
Size

36KB
MD5

7215729c5337181df04cf9c57159ceec
SHA1

42e0c3cf758a35c464aae69a8db6715a333790d4
SHA256

04fb65ba9b7d80018f2bc781eda25e7ae1075d9d2148c5b9d3af16b93ed510ba
SHA512

e5270ee1672866145f9dc90077aa2df4a4263a28aa2fffaeda5f14d75d70c7844bc52a26475f0c74f9ed3300ce54ba7881fe7050810902fb791c2d7bd972d573
SSDEEP

768:c0KE9HTVwTrLyhjpFYWPqigBBQARQkdlKVDuDg:RKE9HMrGhpFPqigBBQARNSuD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28
PID 2396 wrote to memory of 2400	2396	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7215729c5337181df04cf9c57159ceec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7215729c5337181df04cf9c57159ceec.dll,#1
  2⤵
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads