6dd1b5594b061e0579a65b8a08f30994bb5c4a30c6d9fa99e575f15538a77c76 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 02:48

Sharing

Report Analysis Logs

General

Target

a0c06552150a37f766cb9915903e1038.dll
Size

2KB
MD5

a0c06552150a37f766cb9915903e1038
SHA1

2a36cf9e16069ef16f148cf29f628b7c42700377
SHA256

6dd1b5594b061e0579a65b8a08f30994bb5c4a30c6d9fa99e575f15538a77c76
SHA512

f8abea79c43e0cbeaeb646e1f4f8230cfdbfd8d47b4e05914bb89fc18fe257a926a3896ad71c62adc28f3f682632dcbc1125123d573207c3d47e152add4deb8a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28
PID 2232 wrote to memory of 2204	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0c06552150a37f766cb9915903e1038.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0c06552150a37f766cb9915903e1038.dll,#1
  2⤵
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x0000000030000000-0x00000000303B0000-memory.dmp

Filesize
3.7MB

Download
memory/2204-1-0x0000000030000000-0x00000000303B0000-memory.dmp

Filesize
3.7MB

Download