979f500ee3d7d9541b60b92b6c87a0c5fd3ead2a4ac3b7e781e57769d266199b | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b66cf2c3ae9a73fe3de2e7a2238281bb.dll
Size

18KB
MD5

b66cf2c3ae9a73fe3de2e7a2238281bb
SHA1

2811fe305b8a4547ba79885ad2d09c79d324376b
SHA256

979f500ee3d7d9541b60b92b6c87a0c5fd3ead2a4ac3b7e781e57769d266199b
SHA512

a0535ab4e3de31e95733bec5c32f4cb09fd6160566dab10aa8d09807e33ae9994e1a8e243c6868f8311a9cd5e7b5687e278329b076cf0a78d2e18add7622f651
SSDEEP

384:bWWTEcWncGfzfJ9UucOClKtzKe+Jjnv6qbM8hCxqBtAPO:UTfzfK1KtLwnv+8hff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b66cf2c3ae9a73fe3de2e7a2238281bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b66cf2c3ae9a73fe3de2e7a2238281bb.dll,#1
  2⤵
  PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2196-0-0x00000000000B0000-0x00000000000CB000-memory.dmp

Filesize
108KB

Download
memory/2196-1-0x00000000000B0000-0x00000000000CB000-memory.dmp

Filesize
108KB

Download
memory/2196-2-0x00000000000C0000-0x00000000000DB000-memory.dmp

Filesize
108KB

Download