4577e1340f659c9192ccecb6099f087d7e71773cdde470acc48c518fc0144281 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 09:06

Sharing

Report Analysis Logs

General

Target

8ec1abd7be3b974934f8c92f8e363a03.dll
Size

53KB
MD5

8ec1abd7be3b974934f8c92f8e363a03
SHA1

14366a0fb5b001c7e5595da20dd47c85d37265b0
SHA256

4577e1340f659c9192ccecb6099f087d7e71773cdde470acc48c518fc0144281
SHA512

986f37a9a8323c8eb7207dd1bb60f082c96980a23ec9d84560ee0320d716d7f296b347b19e2530392448e4917ed03f0cdc3662d1882ba00813fe90d24d6143f0
SSDEEP

1536:tS8ahR1LD2DkGmMNuYcoEFvj/Z4uDizc9oA:tbahR1LD2DMKcjV4uDizc9j

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28
PID 2348 wrote to memory of 2360	2348	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec1abd7be3b974934f8c92f8e363a03.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ec1abd7be3b974934f8c92f8e363a03.dll,#1
  2⤵
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads