dcbbe31e1100edad1738c3f997543c5085b5b2a5b610dd08ada35427827c1231 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 14:33

Sharing

Report Analysis Logs

General

Target

1.dll
Size

840KB
MD5

c18ed17355b2cbeb35492c5655ce3169
SHA1

4f6d42a41ed6fa567c8f0f835a2cd5662f7f3978
SHA256

dcbbe31e1100edad1738c3f997543c5085b5b2a5b610dd08ada35427827c1231
SHA512

82d5aa7a1b5d0e48b8532a58f734f1e7840e8a7907bf09677c46d80e43d6cb1cfc2bece10857c9f07a9cde4336bb5d0fee90fa25b38ed1566fcb9426a34b28bf
SSDEEP

24576:ee9nfmpSVmL+Cf72yb1SFEtEfPmY4uRD7HpUMhOw8ghE:dBmpSVmLfCDfPJ4cDFPhmghE

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

2128 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe
PID 1660 wrote to memory of 2128	1660	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1.dll,#1
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2128

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-0-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/2128-1-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download