8420499930e4c7b39beb16dd7c830f7010138beb6db145ec514e2c70746ce763 | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 02:49

Sharing

Report Analysis Logs

General

Target

ba53bbfa1f5fd01060cde5ea693d00ff.dll
Size

29KB
MD5

ba53bbfa1f5fd01060cde5ea693d00ff
SHA1

071dd3bea1ea2c11c1ac86f7ae050ddb69ca5683
SHA256

8420499930e4c7b39beb16dd7c830f7010138beb6db145ec514e2c70746ce763
SHA512

1b1bf78070664197eb6c5dd4ff2cfd329333e2eb0995745026a88feb2e65c276cc0b2989063a98f01a938d45085183b552fc4c2bb0504bae00aa844f51d439fb
SSDEEP

768:4UhOBrTv6uPaeVbvci/8f+kUVw7DRriyrfdSZ:49V5aeVb0i/8GRw7brFSZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28
PID 2072 wrote to memory of 1736	2072	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba53bbfa1f5fd01060cde5ea693d00ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba53bbfa1f5fd01060cde5ea693d00ff.dll,#1
  2⤵
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads