f065529a8e0d9acf4a0112e9532afbcad8a6e1b04fe68821d2e74eb27792b703 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 09:01

Sharing

Report Analysis Logs

General

Target

cda5992ae254196cdd639470a19b6122.dll
Size

128KB
MD5

cda5992ae254196cdd639470a19b6122
SHA1

ee4b96cfc4e44ceeddf181fb8d5058f162f60dcc
SHA256

f065529a8e0d9acf4a0112e9532afbcad8a6e1b04fe68821d2e74eb27792b703
SHA512

0aee1788dbc39130e8574e144882e85526b6ec8743574ce458fe001597ff04f7bdfae37ff1c41cf88b9a888411e42490ed08870cee19f01b6ccc647a2477f441
SSDEEP

1536:d548+/4twYXQ8PSaW+Jxu/wHuX+DIqeOpvUuEi4PS:d54TrfalJcrZOF5z

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28
PID 2956 wrote to memory of 2988	2956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cda5992ae254196cdd639470a19b6122.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cda5992ae254196cdd639470a19b6122.dll,#1
  2⤵
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-0-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download
memory/2988-1-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download
memory/2988-2-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download