0df00e3b176a7c7b81c2015f2a6a67653402bcf5583a002a128ff618e9eacdfc | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 20:56

Sharing

Report Analysis Logs

General

Target

VirusShare_e7287542d3d9c55601e14c8b28b8b8c0.dll
Size

17KB
MD5

e7287542d3d9c55601e14c8b28b8b8c0
SHA1

fa739c046566e34b1b54b65ef1ce2553d71773c1
SHA256

0df00e3b176a7c7b81c2015f2a6a67653402bcf5583a002a128ff618e9eacdfc
SHA512

061d691efd9b315e7a77e6d3509b97cd6448fae51547954011b9a0764bdb3ad002fe55772efa68f5a2c4ec274c9db3f4dfb687b2ab566890b3e237a61cf9f214
SSDEEP

384:eyymEJ/PdOBkyryITSSW1Bfyb4sYahkzSlC:7dM/lzFT76sQNC

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28
PID 2856 wrote to memory of 2788	2856	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_e7287542d3d9c55601e14c8b28b8b8c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_e7287542d3d9c55601e14c8b28b8b8c0.dll,#1
  2⤵
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads