0e484e6b43d828bd015ea8c27e2ca585006a517fef1372b5e130559cefb5a12b | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 02:27

Sharing

Report Analysis Logs

General

Target

7909ea7d13cb65dc24406073d8a21c95.dll
Size

28KB
MD5

7909ea7d13cb65dc24406073d8a21c95
SHA1

2badceaf33b88ac4aa5e58d90f776d38b38942b7
SHA256

0e484e6b43d828bd015ea8c27e2ca585006a517fef1372b5e130559cefb5a12b
SHA512

528248657d8650d4428f9c8cc32a5c28fadcaeb90cee190329562a829c9d4e4090be4accac7059fa25bac0fd8753948775ba030241c6f6490f6f9812590f729f
SSDEEP

384:dFVMlttLJhj0Z2/hHPhPWhYPt7gsTpH5NyZD5:eltdJd3HPhPWhYPtNJ7yZD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14
PID 2372 wrote to memory of 936	2372	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7909ea7d13cb65dc24406073d8a21c95.dll,#1
1⤵
PID:936

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7909ea7d13cb65dc24406073d8a21c95.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads