6514de696844e280e0561494ce4f0c08f55c44f991ad8057c6cfdeca0e4cd59f | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 04:07

Sharing

Report Analysis Logs

General

Target

aaf6a161873c9be994ff973126fcffe4.dll
Size

782KB
MD5

aaf6a161873c9be994ff973126fcffe4
SHA1

47b0728b4d7614d03411217cae29c831436d17a3
SHA256

6514de696844e280e0561494ce4f0c08f55c44f991ad8057c6cfdeca0e4cd59f
SHA512

38df867d4f9183a7d39e305405fc324beeef13fe77bc54fb06de94dfa76be40795c29e519510f1138700d5e5f4d5919ed685c78da76b23bfd513cd2c30bd5950
SSDEEP

12288:FZZ2dbUYyw+Ca/hQn9810kYVVuxaGIgG0n:B2pRPn981bYVVuxaGY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28
PID 2968 wrote to memory of 2008	2968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaf6a161873c9be994ff973126fcffe4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aaf6a161873c9be994ff973126fcffe4.dll,#1
  2⤵
  PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads