6ba57ff7553b6f4eba02a3eb326bdfb1a3e938349d7ffa8ea9b2795ec5bd2062 | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 22:43

Sharing

Report Analysis Logs

General

Target

DDPPro3.0/msht.dll
Size

38KB
MD5

19600f4cbb9021f612ca6e7e5baf76b9
SHA1

e67dc6a410d208e3db875c979ca8ec1ccfd10fad
SHA256

267e9830e99fa708a26c756c54121a4bc7568dc04fe7d4a40e43993c6dcd8bc2
SHA512

ad7cd79f6e21deab650d0a39308125e782380c676d51912c473dbec9376e4cff1a379deb65e97efc4bbd0d5d1f19e8bbff813271e33936e777279e163e59327d
SSDEEP

768:86WSXHdUp/L1LvoYAhbVWFapkh2XkgklY/xnha5:bWeCpJLvEdNpk0ilYD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28
PID 2228 wrote to memory of 1348	2228	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DDPPro3.0\msht.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DDPPro3.0\msht.dll,#1
  2⤵
  PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-1-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1348-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1348-2-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1348-3-0x00000000767A0000-0x00000000768B0000-memory.dmp

Filesize
1.1MB

Download