1a5ce8607526c024e9588f10af00c421c4ec052971323d513fdc5dd3a0f2b91a | Triage

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 14:54

Sharing

Report Analysis Logs

General

Target

9bf78dfaeedeee8dea7efe704575bb3a.dll
Size

79KB
MD5

9bf78dfaeedeee8dea7efe704575bb3a
SHA1

d4ff82809999b42d3f02f93ac94d433444382204
SHA256

1a5ce8607526c024e9588f10af00c421c4ec052971323d513fdc5dd3a0f2b91a
SHA512

ef89faedfe8ae973272556ffb303d103cd1521f3a65c2bb1eb711bb6cc9077994ddc4d8e4da96d7b3a96409255e9ff510046b21ee37de339d02897bd07fa17b9
SSDEEP

1536:qtbEgcC1zKEw/mNodcjD3ALI6txO/MQhqjP0Ch:qhEI1WERNoo3ALI6txZQhqb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28
PID 2996 wrote to memory of 2992	2996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf78dfaeedeee8dea7efe704575bb3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9bf78dfaeedeee8dea7efe704575bb3a.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-0-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2992-1-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download
memory/2992-2-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download