59cd648d8519ae67d7f3d6ee55aaa94b6f9f1715fcebad91b7bb1dc619e56ce8 | Triage

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:21

Sharing

Report Analysis Logs

General

Target

751464ab86683e35cd05ff700e73b0e3.dll
Size

136KB
MD5

751464ab86683e35cd05ff700e73b0e3
SHA1

fe964f20bd5547a652b1547c84340cb9898b6392
SHA256

59cd648d8519ae67d7f3d6ee55aaa94b6f9f1715fcebad91b7bb1dc619e56ce8
SHA512

0595eaba725bf8e60303e329ecb2f81ee16aec5a7121df93d9fecec4646d036d2ea11f54db38f6385df7af179bd1bb7df2ec166eaf6d5c87ae7b5f6efbf9b1c9
SSDEEP

3072:+yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logye:+yqUkUeaaclD5WRTOygr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28
PID 2232 wrote to memory of 860	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\751464ab86683e35cd05ff700e73b0e3.dll,#1
  2⤵
  PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads