bdb32cb505328d5a7feb2de5a63108c840ab65f47c318960fdb844f4e2a42220 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 12:18

Sharing

Report Analysis Logs

General

Target

a1d9f9fc419dc189a4f7d0ec888bfb14.dll
Size

113KB
MD5

a1d9f9fc419dc189a4f7d0ec888bfb14
SHA1

45ab6785775b9610c5816e9cecdaeb04d5edf3bb
SHA256

bdb32cb505328d5a7feb2de5a63108c840ab65f47c318960fdb844f4e2a42220
SHA512

f68aede6c5db2333cbd8bc3009b94984bf65ed1608f1436734f07237b13122d125b49e02f7e5616471f0d6814426042aed8224a68d410d951684a7911cf4c969
SSDEEP

3072:ulet9sM0MaSZOIZSB3cIX28ZXS720AaoNEdDB:3tNpaSZAn/aj

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28
PID 1688 wrote to memory of 2204	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1d9f9fc419dc189a4f7d0ec888bfb14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a1d9f9fc419dc189a4f7d0ec888bfb14.dll,#1
  2⤵
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download