22c9bce9b3ebd7c244b8c9c7ebde5694407b5de26f87bf1ecc41299bb5cb7a64 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 02:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

85af319c07aab4c195bb7ff80987428e.dll
Size

8KB
MD5

85af319c07aab4c195bb7ff80987428e
SHA1

2e84658bc42f01d524c215bd857316530c21c5b7
SHA256

22c9bce9b3ebd7c244b8c9c7ebde5694407b5de26f87bf1ecc41299bb5cb7a64
SHA512

ce34252e6527e9407902961411129666902407212937e7fa8321d437c318096c88900626db0fb6d8fedfd1abda689a38724c08169df525043c5d034e132ec811
SSDEEP

48:yY/gqQ1hWMStdnapidc5kB94yLvjTUNcq3WN:QhWMStt2el3lUNt3W

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28
PID 1716 wrote to memory of 2116	1716	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85af319c07aab4c195bb7ff80987428e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85af319c07aab4c195bb7ff80987428e.dll,#1
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads