e924d3fd187a0bd3cad58c9ac7e1a234f33775b93ac3f678163368c838861ae3 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 09:02

Sharing

Report Analysis Logs

General

Target

$_5_.dll
Size

250KB
MD5

7e2bb07553344c9246a3ba588b88d34b
SHA1

c610275cd535e351d308218f154d4ea0787afff7
SHA256

5def5ff832fb77a32e68debc54774aaa42b343cc656d47d2ec80e1c2f28f94a7
SHA512

ca1284531bf54f8509569d6ee6e89ff8c9df2b0ddba9a324a9b08f11e292897fd8a1534d9e8ad19c3dc01f0dd50dff38ceb686276433bb1b2405bfe517a06170
SSDEEP

6144:RzKpCCd1k3uZYWJ6cAi4LUXBUYnGrR+h+73:lKQCJ6cfCnrR+y3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28
PID 3028 wrote to memory of 1176	3028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_5_.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_5_.dll,#1
  2⤵
  PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads