c82d434f74b76a2efe3c41c6db42495093d439bd5dd3bebf47e65b0edb73a598 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 02:51

Sharing

Report Analysis Logs

General

Target

7bf40742f2c39caa2ce20a5b8c83caa7.dll
Size

13KB
MD5

7bf40742f2c39caa2ce20a5b8c83caa7
SHA1

5778f0391424fadd76abe877ce68f1bdbfe36bbf
SHA256

c82d434f74b76a2efe3c41c6db42495093d439bd5dd3bebf47e65b0edb73a598
SHA512

4e15e6ca549761d13d7b73b5abdad9288486f1b1488b716e61061017e9884c11b48c57cb483242257de61e3838d9d1c2caeb47aedcdb58429e180a444174b92f
SSDEEP

384:BH4FFxGhhsqqTgwa7nfl8zATMVqxmpqd:h4FqqTg97nf+zATqqxm

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28
PID 2856 wrote to memory of 2664	2856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf40742f2c39caa2ce20a5b8c83caa7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf40742f2c39caa2ce20a5b8c83caa7.dll,#1
  2⤵
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2664-0-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/2664-1-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download