42418e016c282edb15ce0f01b1bec98f07104810c3068f15178367ff7d7e91be

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7351da64c1ca4c2f0ad1b84f850f5675.dll
Size

47KB
MD5

7351da64c1ca4c2f0ad1b84f850f5675
SHA1

5f65c60c744c8376a20bf94c117574eb0173e9d2
SHA256

42418e016c282edb15ce0f01b1bec98f07104810c3068f15178367ff7d7e91be
SHA512

3421485d44df474bfde1a555b65dabf7bdbc12298a8462c02881ce941072079902ff2bbb09de3f6fb4213eca0b436e3de127e2917584c154b76a11ab92f78006
SSDEEP

768:pdWfAiQ22bswDeJcQQxjZkjW6Z3plWx8RTJjbE/eJYAfpit1:pdWfVQWwDeRYZP6Z3pEx8dJjeIxRin

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe
PID 1588 wrote to memory of 1784	1588	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351da64c1ca4c2f0ad1b84f850f5675.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1588

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351da64c1ca4c2f0ad1b84f850f5675.dll,#1
2⤵
PID:1784

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-1-0x00000000001A0000-0x00000000001BE000-memory.dmp

Filesize
120KB

Download
memory/1784-0-0x0000000000190000-0x00000000001AE000-memory.dmp

Filesize
120KB

Download
memory/1784-2-0x0000000000190000-0x00000000001AE000-memory.dmp

Filesize
120KB

Download
memory/1784-3-0x00000000001A0000-0x00000000001BE000-memory.dmp

Filesize
120KB

Download
memory/1784-4-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download