efc5e2bfc32cacb021d92e6cb01c907a04555b3d79b585c3e4e2366871e6a500 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 12:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e1aaffe2b188e737a90d0fd8e497e048.dll
Size

62KB
MD5

e1aaffe2b188e737a90d0fd8e497e048
SHA1

91f2d02b593892b930c9b05b2ad1037234168f40
SHA256

efc5e2bfc32cacb021d92e6cb01c907a04555b3d79b585c3e4e2366871e6a500
SHA512

8dcece363df867fc934130fb736e30ecaccbae4dabc8a63b991b785f607837413e0104a03105d62cd8c8522dc55c11f4d276a4111edd940b52833b7fb83519ee
SSDEEP

1536:dQ76ypVp2Gieq609+5jt8FwhLkhdR1jRmHAxwS:S75VietTLoqS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28
PID 1660 wrote to memory of 2012	1660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1aaffe2b188e737a90d0fd8e497e048.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1aaffe2b188e737a90d0fd8e497e048.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads