54bb19d9608d11a4849f932e0a4fd54055cdbeffe6d99625597657d14d0cbc29 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:40

Sharing

Report Analysis Logs

General

Target

msn.dll
Size

18KB
MD5

f1f6421f7bb0066bd07cd3815f909dec
SHA1

e50d31a4997917b45d8cbf853e8e38790147315a
SHA256

eed72e4c94aa36067739c060496908f8a7c61919085b0e84bc0f2446d309cd6b
SHA512

b100f5bff9dc185cad9fc2946b30f51a78c4622592421651e03c32260556103c9f876217391b878524f547335f53d167c6434f219ec2b8bdc313129c9f9fad15
SSDEEP

384:A8c+3LB74HE3sxQwNjdNH3+ocTE9mWAFWUyrGu:AM4HE3sWwZH3+/E9H

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28
PID 1836 wrote to memory of 1640	1836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\msn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\msn.dll,#1
  2⤵
  PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads