7c46038c39d5e574738069256bc30cf86675bcabea0905b97f92b8be1bffa58d | Triage

Analysis

max time kernel
20s
max time network
19s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/02/2024, 12:27

Sharing

Report Analysis Logs

General

Target

display_mouse_lock.dll
Size

68KB
MD5

5abb25e85d932c99417e88587fe6d134
SHA1

10140e5533c98eb93d2cbb1a0ebe434858de203e
SHA256

f02b464cf4595a5086abfb51259b71e7727187987d222edcc87e77e7cc49c626
SHA512

e1bc0963ebd0d60220492093d40289deeb425f71a001455b71ea30b4a2983b885f05667ec6692b288f20456b544fa43e1221e22444a6ad3b1a9695332b90fdc7
SSDEEP

1536:ZkFyebsPbofQWbNN9ZwQntSj1sWE1cdyrfQrdoUxU:G5fDb8KtSwEyrfQ53S

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21
PID 1700 wrote to memory of 2116	1700	rundll32.exe	21

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\display_mouse_lock.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\display_mouse_lock.dll,#1
  2⤵
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads