2c8e60af454aaa60cd9d2f89d77fe2e3ec836adbdd9fc922b915af370acb87bc | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 07:57

Sharing

Report Analysis Logs

General

Target

8e9ed3b7a04af42e4d411365e9161850.dll
Size

8KB
MD5

8e9ed3b7a04af42e4d411365e9161850
SHA1

2b1c447dc949338a3b681b6c584cc0a969759a44
SHA256

2c8e60af454aaa60cd9d2f89d77fe2e3ec836adbdd9fc922b915af370acb87bc
SHA512

34ac4d363fd0dabec969b1285ae1d47615f9ca9cf86d9cf1221997ac991cac4a5b67368d5a16c1a933cf333c9c1456f20597c0ab19a67cc37afc719811d3871e
SSDEEP

192:UR+4IyQwoHU0K266GU9JOnc27pSIzBWBWYAryWBm:y+UoJb9gncspSg0WYAryWB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28
PID 3028 wrote to memory of 1756	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9ed3b7a04af42e4d411365e9161850.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e9ed3b7a04af42e4d411365e9161850.dll,#1
  2⤵
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-0-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download