1a39774c30bfca80494f37edf2422651c0df4fb9884d8929d260593cf1a46f18 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 20:20

Sharing

Report Analysis Logs

General

Target

bcb73ae1da83cd71348d07d40e607427.dll
Size

58KB
MD5

bcb73ae1da83cd71348d07d40e607427
SHA1

5d2f2a2400d0541739d54ed8a858b1e78f8c8ffa
SHA256

1a39774c30bfca80494f37edf2422651c0df4fb9884d8929d260593cf1a46f18
SHA512

a9e41b5a04fa393564929a1f667ffd9ec1d0438df9c3f5a6ce6ac496087a5c11fc1a6acde68903b5c0d3aba3e2f1b1dbfb62978633af0ce7aebac7381b1c8a8b
SSDEEP

1536:vvbRiV0uSAO2ltMIBmeofFYkdmej3gJ1vSSW:3qSAOIBhofQej3gfvY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28
PID 2208 wrote to memory of 1752	2208	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb73ae1da83cd71348d07d40e607427.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcb73ae1da83cd71348d07d40e607427.dll,#1
  2⤵
  PID:1752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1752-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/1752-2-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download