02c92fa69801e908c523f594fcee232c8685f8e0afad57e0afcfcffb370f4fe4 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 08:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

79c718a15e64db55dc869869d29366c9.dll
Size

1KB
MD5

79c718a15e64db55dc869869d29366c9
SHA1

5fcf1c93dcf291fae7e1802c4fa161d5b35b24ce
SHA256

02c92fa69801e908c523f594fcee232c8685f8e0afad57e0afcfcffb370f4fe4
SHA512

fbec07eac4fb1e622dfd5e44966c1da82ef2b3f366acc381ce60a1ff8da6a38ded33a33084d5cb0c92272692ff13453396c4c4aca85b387d35ab49178e250231

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28
PID 2260 wrote to memory of 2180	2260	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79c718a15e64db55dc869869d29366c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79c718a15e64db55dc869869d29366c9.dll,#1
  2⤵
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads