4e205954954f78500ae7417a050e462cb0d95e7b47382ae5e47d78a5e958c985 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 22:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

97b6cd39163aa8140fc23d31b4814fb1.dll
Size

55KB
MD5

97b6cd39163aa8140fc23d31b4814fb1
SHA1

b5b2f8e213534ec66437e61393a3af9ef4729aad
SHA256

4e205954954f78500ae7417a050e462cb0d95e7b47382ae5e47d78a5e958c985
SHA512

800529136194d9e25378e1a9ae0d968acfb65b5901ba7537f367028f099d4078c226b97849965dd3a33bdc1944ecd156230a119a2a537a783e383825f85bd5ab
SSDEEP

1536:MhBRVgrExucMKaX9ekNj9sE/O2/fIOaWN2AyhwU:cRRsslwlaS2Aa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28
PID 3056 wrote to memory of 1164	3056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97b6cd39163aa8140fc23d31b4814fb1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97b6cd39163aa8140fc23d31b4814fb1.dll,#1
  2⤵
  PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads