25f502b7e693fa88bbbcc65d24d46d545e2ac386f8d03b9c9dc25d07610cc27b | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 06:52

Sharing

Report Analysis Logs

General

Target

76ad9b02b07b7160f2dff8a1370db39f.dll
Size

161KB
MD5

76ad9b02b07b7160f2dff8a1370db39f
SHA1

5cef5a10164c22ceb82daf3a8153827f4664f9b6
SHA256

25f502b7e693fa88bbbcc65d24d46d545e2ac386f8d03b9c9dc25d07610cc27b
SHA512

0c0445e07418a783ef1e7140ba2424784d3ec72ffadc9404c4744c4a6ed1f4b87ec2216511afc64ec8818ce1610d9eb8ba7ca56b18bfc6caed5c94e2eec9db36
SSDEEP

1536:gI0SnhAd267zs3zds0XgY0JYx5aNCrufsJ6vJY:D0SnuQuyH0JY7EKufsJ6vq

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28
PID 3012 wrote to memory of 3032	3012	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76ad9b02b07b7160f2dff8a1370db39f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76ad9b02b07b7160f2dff8a1370db39f.dll,#1
  2⤵
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads