3a8a0a56b7dbdd91d1935c0a13ffe97ad5563ddf6178cca99db7f330d07aebb2 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 12:29

Sharing

Report Analysis Logs

General

Target

df29bdef141ad03484d8fb82ea58e2a4.dll
Size

28KB
MD5

df29bdef141ad03484d8fb82ea58e2a4
SHA1

69be07931464d63f738c46e0f8cc7819e1b641bd
SHA256

3a8a0a56b7dbdd91d1935c0a13ffe97ad5563ddf6178cca99db7f330d07aebb2
SHA512

9d3199a84102ff952f781a109cefaef6b439f6535c294e880abd532f59bd284d65e3a4aef67e8ef2df6a97245f8bb974f7cad52731e1251bc496e62d61881000
SSDEEP

192:TwkWJX5gLrzg+szNdwVzEVcb7XJr0Fx0Ze2qb:TwkWHg3zzI3URh9s

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1260	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28
PID 912 wrote to memory of 1260	912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df29bdef141ad03484d8fb82ea58e2a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df29bdef141ad03484d8fb82ea58e2a4.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads