35d311f52550b7b0b1b2f9d0b8d02c8dd703a3e745372e6d0abe985c0b89e056 | Triage

Resubmissions

19-02-2024 13:27

240219-qp2wvaea22 3

19-02-2024 13:23

240219-qm4yesde2t 3

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-02-2024 13:27

Sharing

Report Analysis Logs

General

Target

Rebus.ni.dll
Size

2.2MB
MD5

e8cbd78cf5fc4f0503298334764322f8
SHA1

a43b8d953832070182058b191f541957bd3b84b2
SHA256

07682bb18d417aa199391917ec9cd100f21c62c99f7e7baf3c2cb9d7fc7a83c2
SHA512

f8140523328060f6af1c267f6b113cb3b2fbd28ca15705b70dac0becee5a55fabcc6abe10d4ed1dc506e9eb8746f29fa67fa6986f5b0e0fedcc9e40fdca42dc7
SSDEEP

24576:7N6fUBccMFtTxkuGpr1mSF6Jj7aCgK5KPUPFA4J7:7NycCkXCJj7aCZ5FHF

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2568	2976	cmd.exe	32
PID 2976 wrote to memory of 2568	2976	cmd.exe	32
PID 2976 wrote to memory of 2568	2976	cmd.exe	32
PID 2976 wrote to memory of 1544	2976	cmd.exe	33
PID 2976 wrote to memory of 1544	2976	cmd.exe	33
PID 2976 wrote to memory of 1544	2976	cmd.exe	33
PID 2976 wrote to memory of 3064	2976	cmd.exe	34
PID 2976 wrote to memory of 3064	2976	cmd.exe	34
PID 2976 wrote to memory of 3064	2976	cmd.exe	34

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Rebus.ni.dll,#1
1⤵
PID:1752

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\system32\rundll32.exe
  rundll32.exe rebus.ni.dll
  2⤵
  PID:2568
- C:\Windows\system32\rundll32.exe
  rundll32.exe rebus.ni.dll
  2⤵
  PID:1544
- C:\Windows\system32\rundll32.exe
  rundll32.exe rebus.ni.dll
  2⤵
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads