9d75e4189d6a10ead3b280b50bcd34ebf1d41e147e379f02d98cdb2dbd6b80e1 | Triage

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 06:17

Sharing

Report Analysis Logs

General

Target

8626c8644145ce434e49501e18b2c8cc.dll
Size

74KB
MD5

8626c8644145ce434e49501e18b2c8cc
SHA1

dc95056552a029bd93fa90dc057b6445358ff827
SHA256

9d75e4189d6a10ead3b280b50bcd34ebf1d41e147e379f02d98cdb2dbd6b80e1
SHA512

7f3aa63a3c5c6b85148c462a91b8567af2a9f70af4d7e00053d80272dc034b06ffa29dbeef10ab25354150ba37509103e7e6e11b28e2236c9111541dea7cd6a4
SSDEEP

1536:agF0eiyUcb0QUrf55ZhU9dI+DbJIGG65NAJEuaJ2+ZBW:t2yFGrxThUzIxwA+JQ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28
PID 1228 wrote to memory of 2792	1228	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8626c8644145ce434e49501e18b2c8cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8626c8644145ce434e49501e18b2c8cc.dll,#1
  2⤵
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads