e807de5f9eeedece226f3a6481bea6da0253513f38c9b4ef418b9e8ae6274748 | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 10:01

Sharing

Report Analysis Logs

General

Target

c85799f315fc0fb89fb90fb33d9f2761.dll
Size

17KB
MD5

c85799f315fc0fb89fb90fb33d9f2761
SHA1

12e05a889e1dae9aea9aaf304aa44a22cad5c79a
SHA256

e807de5f9eeedece226f3a6481bea6da0253513f38c9b4ef418b9e8ae6274748
SHA512

e7450bc5a39f713a41237d4f9151d4019d7253e8fc941e8656441d07e935d87d12ba55175fd967811f3f1c31d3531511a81a4ae27ab7c2d4bbffbffeccf0c78b
SSDEEP

384:6Uo/w/F0YzWsrWzM8PkTGKX8WIbxzMQsi34:6U3/WYSs8WGKs5RMQsi34

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28
PID 2416 wrote to memory of 764	2416	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c85799f315fc0fb89fb90fb33d9f2761.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c85799f315fc0fb89fb90fb33d9f2761.dll,#1
  2⤵
  PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/764-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/764-1-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download