5f2b9c4e66c5bf468698aa0f2f715b0daf701f099f422234fa370c7ff2d1d6da | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 03:07

Sharing

Report Analysis Logs

General

Target

7eb89701fa344b53f07a2c5e7df3f550.dll
Size

28KB
MD5

7eb89701fa344b53f07a2c5e7df3f550
SHA1

43b802b45ec61acdb4dfa8079cfd4188013de1e9
SHA256

5f2b9c4e66c5bf468698aa0f2f715b0daf701f099f422234fa370c7ff2d1d6da
SHA512

deb9a6f7994a38b66dae2a8c121487a8b56167c16e8cf540db17de5eae1f6a58a4485fb5fe456590f09b5a2da4c127413a4fcbeec3981180d04d7d4f30411ca8
SSDEEP

768:D23TUdPGE8gFzETxsrrLzOSPEeqjbOKTI0p6:nGFGE1szrPAJC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28
PID 2928 wrote to memory of 2944	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7eb89701fa344b53f07a2c5e7df3f550.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7eb89701fa344b53f07a2c5e7df3f550.dll,#1
  2⤵
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads