5ab35e21b05db047afd7ba744953ed7e59e3113351beaa198350e32f75e4d41b | Triage

Analysis

max time kernel
122s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 17:24 UTC

Sharing

Report Analysis Logs

General

Target

bc623399a5ee8fa9e552c98b8b5c5eb2.dll
Size

72KB
MD5

bc623399a5ee8fa9e552c98b8b5c5eb2
SHA1

3e5335521bea7585e367fe36d68ee0c26bec3d32
SHA256

5ab35e21b05db047afd7ba744953ed7e59e3113351beaa198350e32f75e4d41b
SHA512

0691bb2b810865c38827a0eb63081b67018ed04a715cf2a5d0f409a9b96aaa0df7277391ebd1eaaa63fe2ac79f4109e02301932c0efcb8309f0f6ce473aeade9
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29
PID 2660 wrote to memory of 2088	2660	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc623399a5ee8fa9e552c98b8b5c5eb2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc623399a5ee8fa9e552c98b8b5c5eb2.dll,#1
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads