0697d9ce113fc2007ab6be2e3d6eba7d0339f73f6045049b1541063f6f151267 | Triage

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 06:06

Sharing

Report Analysis Logs

General

Target

ab2f665507ef6cc58bb8f1adcdbc964f.dll
Size

24KB
MD5

ab2f665507ef6cc58bb8f1adcdbc964f
SHA1

9f24ae6f39910bac42bd4911c26d921d6a626563
SHA256

0697d9ce113fc2007ab6be2e3d6eba7d0339f73f6045049b1541063f6f151267
SHA512

0ddf1fed19f4585fc813290c6ff11ce1bc1b0398c575e0b1826206e3204cd7961595404d2e6903ded5c86e5613c62f782946c1ec51bf2393f2d7b5c5990f80f4
SSDEEP

384:DgZF9XpDshgWIPuEQCpCODJn1+cBhnYPLBAzDGz8Vm:C9XNZWI6CUOxtnzDGN

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28
PID 1500 wrote to memory of 2372	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2f665507ef6cc58bb8f1adcdbc964f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab2f665507ef6cc58bb8f1adcdbc964f.dll,#1
  2⤵
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads