1646c032c7726fb2da7301eda1caeaef06645aec7b65be34e4cd4ae8dd96b36e | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 18:15

Sharing

Report Analysis Logs

General

Target

dfcb5869a53b77b0508febddfac186ea.dll
Size

32KB
MD5

dfcb5869a53b77b0508febddfac186ea
SHA1

e823deea9bec03a8171fb03c00224217aff78a06
SHA256

1646c032c7726fb2da7301eda1caeaef06645aec7b65be34e4cd4ae8dd96b36e
SHA512

955dd63a5853a0f36272694186bdd9de44a5698c63d1a1a5b69407edd1c7cae8aa925f44bf70bb55fd2f503442a0dc5920f015268e3bc83ee06b3108ca9cb889
SSDEEP

768:wvxxY6H50BFFZFOO+Q548Szj4g/7aygIhWk6q:CxYBBF0O+Q541j4Nuv

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28
PID 1008 wrote to memory of 2948	1008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfcb5869a53b77b0508febddfac186ea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfcb5869a53b77b0508febddfac186ea.dll,#1
  2⤵
  PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2948-1-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2948-2-0x0000000000160000-0x0000000000165000-memory.dmp

Filesize
20KB

Download