e9b61085da2cb9fafc13aada4f6e7057023ef25da3b66311ed7ce51e68595168 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 09:07

Sharing

Report Analysis Logs

General

Target

cb05c69cb5982f58888b553d094eed16.dll
Size

58KB
MD5

cb05c69cb5982f58888b553d094eed16
SHA1

d6af7e8ce4d24218a51c6c46e200791e18182f46
SHA256

e9b61085da2cb9fafc13aada4f6e7057023ef25da3b66311ed7ce51e68595168
SHA512

43f0e52f01059fe69a284bb51fe1221819f4fb000f9deb3309b2eba8f55e8b223669f0be450be0593abb21ba9f54d8ae67a223c7ed192506e3228c5cc171c888
SSDEEP

1536:uXD6P2da9xcQqjauFkbDyx49R52CBpQ2TFW6dP:oZ9v3cNn

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28
PID 2328 wrote to memory of 280	2328	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb05c69cb5982f58888b553d094eed16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb05c69cb5982f58888b553d094eed16.dll,#1
  2⤵
  PID:280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/280-0-0x0000000074BA0000-0x0000000074BC3000-memory.dmp

Filesize
140KB

Download
memory/280-1-0x0000000074BA0000-0x0000000074BC3000-memory.dmp

Filesize
140KB

Download
memory/280-2-0x0000000074BA0000-0x0000000074BC3000-memory.dmp

Filesize
140KB

Download