095a30de149aef0a743da54b5491fe695a5694a35d4565cd1e66843d7c9ef261 | Triage

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 20:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa1ac6a0e87f1a50e5be9e73d66d2e87.dll
Size

122KB
MD5

aa1ac6a0e87f1a50e5be9e73d66d2e87
SHA1

3eca2bd24871a470ec0851f5fa72d11da34bb85f
SHA256

095a30de149aef0a743da54b5491fe695a5694a35d4565cd1e66843d7c9ef261
SHA512

c30a7033fe6aea78954191a5efb162fd96d136de95220205269b2e79e993bd8aceae51821773a66f4877eefbb71d3c3a244f3d8078f870d443bd5bd52a7dcf0d
SSDEEP

1536:TUPN2o5nBQQz5uUrVqP9C3eKgVME6ppIFgU8Ws:wlduP+wMfpISh3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27
PID 2980 wrote to memory of 1448	2980	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa1ac6a0e87f1a50e5be9e73d66d2e87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa1ac6a0e87f1a50e5be9e73d66d2e87.dll,#1
  2⤵
  PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads