b8e026f99db18b87d61bd538346a27cdaab9c4f719f094d3e25189fe1f70cac7 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 17:27

Sharing

Report Analysis Logs

General

Target

7ad6cf9bba8fc2bb94e97ee2ecdac4a4.dll
Size

11KB
MD5

7ad6cf9bba8fc2bb94e97ee2ecdac4a4
SHA1

b91d01e76bab01d14e68d5af1d71e76a6b321c32
SHA256

b8e026f99db18b87d61bd538346a27cdaab9c4f719f094d3e25189fe1f70cac7
SHA512

b23e21d2e1b51396a1f2b8bbf5c946237204c05c5ac741984c545b2c74c486669e97955bfa02437fc729f05b4437d3b2bcfc34ab50302433d566b37f9d17dff3
SSDEEP

192:2RphXNj+EKxDT6bZPHFfSyoIK/MPbNvW9pcEQ:2R7kB1uZtKHIK/MPbNvWvcEQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28
PID 2108 wrote to memory of 2324	2108	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ad6cf9bba8fc2bb94e97ee2ecdac4a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ad6cf9bba8fc2bb94e97ee2ecdac4a4.dll,#1
  2⤵
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads