38f058ecd9ff1798dda3f22128f5660ed4a9b271d3447acaa01ee081df803c42 | Triage

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 23:21

Sharing

Report Analysis Logs

General

Target

ad1e3acbedf7e0c1b5d65799ff7a82ea.dll
Size

3KB
MD5

ad1e3acbedf7e0c1b5d65799ff7a82ea
SHA1

832e55780faa8546314fbb145c5b6c9ffe75d338
SHA256

38f058ecd9ff1798dda3f22128f5660ed4a9b271d3447acaa01ee081df803c42
SHA512

79de205ba68f43a74a6a3882ec1eb1403a5ab361ac6bd5d7d5b294aaf63aa555adb9bf39c6f04148b3985e5e493fdd11e0defc7cc3b9c2ed90c67a90875b253f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28
PID 1724 wrote to memory of 2912	1724	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad1e3acbedf7e0c1b5d65799ff7a82ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad1e3acbedf7e0c1b5d65799ff7a82ea.dll,#1
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads