d52730cba45839b6b9493e2f3cc5d7a63f205afda342f7b8964b42da7d90baa2 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 18:40

Sharing

Report Analysis Logs

General

Target

ac9381f4900a5e694924f6177b356b47.dll
Size

6KB
MD5

ac9381f4900a5e694924f6177b356b47
SHA1

2132d1e23e4ce2de6b13e0ceadab4919486fcc79
SHA256

d52730cba45839b6b9493e2f3cc5d7a63f205afda342f7b8964b42da7d90baa2
SHA512

7f2df2764c3012b4b23d596fec0b06840aeecb363754dc9783d9aa65930a6b82c34f9ea2c5d85b51edbd7c886b849634293f46688fc50da0eedc1157949e812c
SSDEEP

48:6DOdd5YVOiFVE/y/sqwokyJyi0NXB+BDq9J5S9:piFVE/y6okJZXB+FqX5S9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28
PID 2212 wrote to memory of 2256	2212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9381f4900a5e694924f6177b356b47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9381f4900a5e694924f6177b356b47.dll,#1
  2⤵
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads