5bae14566acaf13b4102f36e5a525e30c3f7bc08e3ac2eb3744db622f95cd53e | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 11:56

Sharing

Report Analysis Logs

General

Target

d60cd7cdbd4e115e5a69d6e09b8d8a25.dll
Size

136KB
MD5

d60cd7cdbd4e115e5a69d6e09b8d8a25
SHA1

aeb02220846a9cb8e52c9070f832b5fde4f34b30
SHA256

5bae14566acaf13b4102f36e5a525e30c3f7bc08e3ac2eb3744db622f95cd53e
SHA512

aebd296b660e2b9af986d4b8a4ada24200162c54a2498c4de5af7da65d2182d71fe589ba0270779116e16ccf8a43e975303fe7948d366be885fd20cc98705a3d
SSDEEP

3072:+yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logyA:+yqUkUeaaclD5WRTOygV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28
PID 3048 wrote to memory of 3016	3048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d60cd7cdbd4e115e5a69d6e09b8d8a25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d60cd7cdbd4e115e5a69d6e09b8d8a25.dll,#1
  2⤵
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads