7908b7ef5a191a5c1edc6447bc2c68234de6522065e78db30f322d2bc0fa6789 | Triage

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 07:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e9086f996a4904d097d9bca51f53b40.dll
Size

144KB
MD5

8e9086f996a4904d097d9bca51f53b40
SHA1

5c823de2fe5351931536e9c4f4e89bb924f4efb8
SHA256

7908b7ef5a191a5c1edc6447bc2c68234de6522065e78db30f322d2bc0fa6789
SHA512

bedb0e70dc1ad09f602c25d5b10cc64d63cc1355995c7903af81eb73e1b3147d3861d7493949e522b16345fa7c8d60f0d9b2d94da3ced23c410c3a4bf19e9297
SSDEEP

1536:mobbh/LTJNVVM01EBwfy7poWlAfbuO2iwn/PsU/0K:zbFj9VGeeAfz2iw/18K

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28
PID 1632 wrote to memory of 1640	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9086f996a4904d097d9bca51f53b40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9086f996a4904d097d9bca51f53b40.dll,#1
  2⤵
  PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-1-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1640-0-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1640-2-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download