4e8d5ae092dfe0e8c116ddc70843dd07fde2d4407ab5462852ae73260bff1c90 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 19:59

Sharing

Report Analysis Logs

General

Target

c6bc38f5d1cd5eb9bd69189edf971c28.dll
Size

53KB
MD5

c6bc38f5d1cd5eb9bd69189edf971c28
SHA1

bb96d9ebf9759318cbc559e95cf5c1de7a2a6519
SHA256

4e8d5ae092dfe0e8c116ddc70843dd07fde2d4407ab5462852ae73260bff1c90
SHA512

9200c358a321af12443a64415fb5481c63c469f5658fc89fb8c06c0f596bc7467d4d3186db982bcf77a5f921cc38038a243f62c214fdfbdf86e66db5b3324ae2
SSDEEP

1536:B2q7FsYSqdPB8LdChtoXce2oE0JNYSJ1gXB:TFbSwPaChtoXcebO4gXB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1196	rundll32.exe
1196	rundll32.exe
1196	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28
PID 2304 wrote to memory of 1196	2304	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6bc38f5d1cd5eb9bd69189edf971c28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6bc38f5d1cd5eb9bd69189edf971c28.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1196-0-0x00000000001C0000-0x00000000001D2000-memory.dmp

Filesize
72KB

Download