534a2360786ab49a6e58eab3efd1379bb435d74f2868148c89100dadde607319 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 02:00

Sharing

Report Analysis Logs

General

Target

8defef5fb093c40c5f585f25fde85e97.dll
Size

98KB
MD5

8defef5fb093c40c5f585f25fde85e97
SHA1

645cb990907e7a20722e390032271b1294da8cbe
SHA256

534a2360786ab49a6e58eab3efd1379bb435d74f2868148c89100dadde607319
SHA512

71c1dba3bd50ed7eb06a41b1501fad26e49323898b4ea68c50279a0b76b895446e8cd9396f72f8c3b0d7af922888d810b5b962e6b833ff876ccabd096d707549
SSDEEP

3072:z1QT0hvKOW4cVLLePlKWhWhOyTz50Li98:z1fQOWfNWVgTqQ8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16
PID 2964 wrote to memory of 2104	2964	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8defef5fb093c40c5f585f25fde85e97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8defef5fb093c40c5f585f25fde85e97.dll,#1
  2⤵
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads