c6cb4827149ec1101fea354d4fd96671ed7424389482346e0e466e29796119f9 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 03:05

Sharing

Report Analysis Logs

General

Target

98511e1ad90f172bd1462db949ccf732.dll
Size

33KB
MD5

98511e1ad90f172bd1462db949ccf732
SHA1

7fd69233a5bddf8688d726ae238a15bab0fa2519
SHA256

c6cb4827149ec1101fea354d4fd96671ed7424389482346e0e466e29796119f9
SHA512

cf87850ad2bd40ac60ed1a212fe052383ef9d5c6df4b6104cd61973da95e6a830d7ad433c084b70ca9aab43dfe02a8c4d5d71e94371f0094e21013a681055c3d
SSDEEP

768:Hf/fosuj44q2F3FLBa7H7Qt7kZYnhYDLRKkS4:/nozB4bY7kZ0+vRKk1

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28
PID 1632 wrote to memory of 2464	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98511e1ad90f172bd1462db949ccf732.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98511e1ad90f172bd1462db949ccf732.dll,#1
  2⤵
  PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads