f81d5001b7862a211fc82f2922103622a714e3cb214749ba985b937a5f0cafc2 | Triage

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 15:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8cbcf6baf6c2ed929092b6163f2d24e4.dll
Size

40KB
MD5

8cbcf6baf6c2ed929092b6163f2d24e4
SHA1

74abdfd6c308fb475c117d96ed9a91af19a31bc5
SHA256

f81d5001b7862a211fc82f2922103622a714e3cb214749ba985b937a5f0cafc2
SHA512

79bb5a06df5fb7e26af0f977f7f5a1c3709cd3aac2bdd06564e503d86effdd71a2db198c42b5f33925e6f5786bdb3989037a6249bf4ecae894fd3beeb92203a7
SSDEEP

768:NCpqFQtwmjmx+0nR61mv89J68GEUKNCki239Y4XXG9hp8x:8pqFQVCNRK6CbAhOx

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28
PID 3068 wrote to memory of 2116	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cbcf6baf6c2ed929092b6163f2d24e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cbcf6baf6c2ed929092b6163f2d24e4.dll,#1
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads