d22041d458e9dde8ca700c9f1fa4052af70ebf2529ca2b6ec9851fad5bfb5b53 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 21:28

Sharing

Report Analysis Logs

General

Target

133ff6b7435d3fadbaaccce33d58d650.dll
Size

6KB
MD5

133ff6b7435d3fadbaaccce33d58d650
SHA1

479d4d83c3c70fb6f4b5492de37dbc32696f0c1b
SHA256

d22041d458e9dde8ca700c9f1fa4052af70ebf2529ca2b6ec9851fad5bfb5b53
SHA512

0ddfe7112ee6d655d86ae0fc9a5cde1f742f5d2c2e7618d6a30838e4c4c998a6250cc17b0f492b00e4e1feb17f3d0f98cc34b7c596366e2f37de65b8a406e41d
SSDEEP

48:63mll5YVOa9VUX1iwbQWu01B+BDq9J5SH:VDa9VUX9bQWVB+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\133ff6b7435d3fadbaaccce33d58d650.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\133ff6b7435d3fadbaaccce33d58d650.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads