b20b0935c85d589b341e86f5d142587b90199423ed161fd1c82b6428295e3c71 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 02:48

Sharing

Report Analysis Logs

General

Target

b65125ebba175d9718d6a279cc371d4f.dll
Size

26KB
MD5

b65125ebba175d9718d6a279cc371d4f
SHA1

a8c7439e9ad689ae4af104ec9b6e810542f2be86
SHA256

b20b0935c85d589b341e86f5d142587b90199423ed161fd1c82b6428295e3c71
SHA512

e0e05f8315e646147d2a0746d94f6f3710d2b7f7e27ef1a119affaedcca1866ad6dcd1c85575525fd3cf9bd0cb61113e5b0a8eb8ac25c14dcb5c3a35cfe5497e
SSDEEP

768:WSAlIog2QOKq/oktBBQARQk6MRVoTw7j:ylDVKgBBQARqlTw7j

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28
PID 2268 wrote to memory of 2804	2268	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b65125ebba175d9718d6a279cc371d4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b65125ebba175d9718d6a279cc371d4f.dll,#1
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads