8fdf888855695ae05d751712dbbe7dd47e1e8f451a0c469f616178dc7cf0b396 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 22:56

Sharing

Report Analysis Logs

General

Target

8fdf888855695ae05d751712dbbe7dd47e1e8f451a0c469f616178dc7cf0b396.dll
Size

3KB
MD5

8b2880a6d1b8b3f996e6cc701a62d1d4
SHA1

2156a975ff0200ba898b2efbd8507ff9936f3f12
SHA256

8fdf888855695ae05d751712dbbe7dd47e1e8f451a0c469f616178dc7cf0b396
SHA512

5edd03b4f436a4c67e5d4907432ac61b6048296b822591c2c109ef4a67787d46b446361bc0c0e23832f2198b4e60d839d06b44b9ba5db19c3a869cd0b36596c5

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28
PID 1724 wrote to memory of 2300	1724	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fdf888855695ae05d751712dbbe7dd47e1e8f451a0c469f616178dc7cf0b396.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fdf888855695ae05d751712dbbe7dd47e1e8f451a0c469f616178dc7cf0b396.dll,#1
  2⤵
  PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads