f0e6c28dc38edb43d964e936c14b292d12c035c082925830ae4d61f590e567a2 | Triage

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 13:36

Sharing

Report Analysis Logs

General

Target

$0/basicscan.dll
Size

868KB
MD5

d71de1ac129a9957d2d7d62f61bb55b1
SHA1

327833bfb20517d7ef90ee76cc71dc484b3a941f
SHA256

447de5137b7d8b3cfb38617102db655a3a03074e4511b2387c94c099850a2322
SHA512

0b04e76a864872517a253b370fd5147117a1357def40fe3ad7c54ca5c5204f03e02b91a0656c21c668a94bec8d9c1651a041d7bde1c4718c829e8154e9686285
SSDEEP

24576:JxSdQZsQZQa97UdrsxxQQDGriSSapxfPmAU:2dQdZB7Cr4YSaDpU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28
PID 1664 wrote to memory of 2036	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\basicscan.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$0\basicscan.dll,#1
  2⤵
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads