6d8132bbf323f417a2b7eb1afe0e291874ea748b84bd93df53296b2356d7ceca | Triage

Analysis

max time kernel
1559s
max time network
1564s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 19:05

Sharing

Report Analysis Logs

General

Target

SDL.dll
Size

232KB
MD5

d9e34fc5c608a739a54189da555db7cb
SHA1

4062f5648fc8149c5b34a943aa5419453b4e1db3
SHA256

6a86f58b260dd03a0bda54d21528589597b686186c401da7fa6f9473a49c2590
SHA512

3cce57b77169d501575e3e6886ab38f0203703dfd62a2d3b8167d19e9bfccff9ea5b77c2c9d34a30bbd6549439a217dfec8e53afe3e803b0b067e798f72d453e
SSDEEP

6144:PRurKKvrrrrrryM5X0q0bldVOMAJOFPbnTk7vIe6YqhZ0W:PRCKKvrrrrrryM5M7V2OFPcuD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28
PID 3056 wrote to memory of 2984	3056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SDL.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SDL.dll,#1
  2⤵
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads