e3766ec1f4038ca5a3cb1ca31b6445485cf0338de7f4bb0dc053c5c2d301778d | Triage

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 19:09

Sharing

Report Analysis Logs

General

Target

b97317ccadba5b3d9bf436f344e0482e.dll
Size

109KB
MD5

b97317ccadba5b3d9bf436f344e0482e
SHA1

0aaf87c4738799bfab39268bef50551c7908d407
SHA256

e3766ec1f4038ca5a3cb1ca31b6445485cf0338de7f4bb0dc053c5c2d301778d
SHA512

64640be891fea1d3f586b286b1294c049f80d9fc7ac876bc2326ee8a8b47efd585b362b8c62d84439ba99963d8f425b1ce6566108075a57a8b4ead552a1000ee
SSDEEP

3072:H4BmO9NYuQh4Z0gVueYRSRr/dKR3Zmq50tL:zsTuMFFe3q9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28
PID 1224 wrote to memory of 2612	1224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b97317ccadba5b3d9bf436f344e0482e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b97317ccadba5b3d9bf436f344e0482e.dll,#1
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads