123f1e01963d9e452bfdc219bc7053c26652d9be448a0a553541af28bfa07067 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 11:22

Sharing

Report Analysis Logs

General

Target

c33c311ab3739d4c79b6df021c2e1563.dll
Size

31KB
MD5

c33c311ab3739d4c79b6df021c2e1563
SHA1

ff972c09cbc6164eeb9d7b37b4c9f06f31e7ac68
SHA256

123f1e01963d9e452bfdc219bc7053c26652d9be448a0a553541af28bfa07067
SHA512

23f7e0dd6209dd587a17dbebe209cd10ececef48a150204260a1e9199305d7944c8231d1fb3e7ee9981e79a314da60887432983c5d29f41b739143ad17ee4638
SSDEEP

768:o2QaW69MIUSNEy1zQAgcnl6mOtMgNtpGuF:HNXJEyVBlaNt5F

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1784	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28
PID 1688 wrote to memory of 1784	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33c311ab3739d4c79b6df021c2e1563.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33c311ab3739d4c79b6df021c2e1563.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads