5f3b08031e2a73e33425b1115a1681002da264719fc2466cf71075c526334615 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 12:37

Sharing

Report Analysis Logs

General

Target

c36439fab108c90a942b96301c0d2a1e.dll
Size

212KB
MD5

c36439fab108c90a942b96301c0d2a1e
SHA1

ea650a8c23c381eae7c2355c46cbd97613ac6439
SHA256

5f3b08031e2a73e33425b1115a1681002da264719fc2466cf71075c526334615
SHA512

757bca636aa047b54e999b45afb9a5e0fad97ecf31ce1b0b560fb650c586deec90a8dcd06833b1be4e6213a7da0aec5dd1863eb6c1c0e0b7dbcb214e129e4151
SSDEEP

6144:7aNy8vP5v4EFBIewIpAhl/MaGZA/im9iYvnFV:7uy8vP5ZFCedOlG4nr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28
PID 2468 wrote to memory of 804	2468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c36439fab108c90a942b96301c0d2a1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c36439fab108c90a942b96301c0d2a1e.dll,#1
  2⤵
  PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads