211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 13:45

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/t1.dll
Size

4KB
MD5

058ba8a0916d957d3b91d08ea2e876e2
SHA1

1a7c36c50c5bd93f535b624a2882bc3905e7e7f3
SHA256

510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661
SHA512

24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02
SSDEEP

48:a/1/wEVQWsasy/372nPbws6KcSCcqGTN5gXwvl9g6P:81/wise/37upcpcqGh5gs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28
PID 2088 wrote to memory of 2112	2088	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\t1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\t1.dll,#1
  2⤵
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads