4d3a0ca2fb8251c2cfde038e96f4f08eb6c4d47642c9d25f00aa9175f3037c42 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 07:13

Sharing

Report Analysis Logs

General

Target

98cb212032c9d192f7328acf6b3530fb.dll
Size

14KB
MD5

98cb212032c9d192f7328acf6b3530fb
SHA1

65f2cede1d996888ba1de65757217a998d9ed04f
SHA256

4d3a0ca2fb8251c2cfde038e96f4f08eb6c4d47642c9d25f00aa9175f3037c42
SHA512

abf32fadf7aac03d9396815c8edfdce882f28f76ecc90d2910617eb740d32dde1b7de2b55cc51f6e29d01abb62198639e7a6ee95e4ae5bf52218796dd7f54b47
SSDEEP

384:45FrPKNXFVrb03SWMQ9pzYkXXkhSi2Vsg+ax:4HrPKNXnM3S+pzY4S7yPP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28
PID 2284 wrote to memory of 2964	2284	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98cb212032c9d192f7328acf6b3530fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98cb212032c9d192f7328acf6b3530fb.dll,#1
  2⤵
  PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2964-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download