c0251da22ec94503d07205c1b1adc82f05ea8d8f854f090f47ce7cb4e7a8607d | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 22:49

Sharing

Report Analysis Logs

General

Target

7312c6035f2e57e48125e691aa4d8125.dll
Size

6KB
MD5

7312c6035f2e57e48125e691aa4d8125
SHA1

75aa45fa0419992377f6542b576b2889f586a6cf
SHA256

c0251da22ec94503d07205c1b1adc82f05ea8d8f854f090f47ce7cb4e7a8607d
SHA512

21f5e3100bfee1673c799f900964d9befb69e4242bd101f85103e2f33d3e207e2a2c0696890ba7826dbe31b727f086bb6f420f81bb7e6804b9d2cdfd3ffbf4be
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0LB+BDq9J5S2:0QDV8FscMjsLFV3TB+FqX5S2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28
PID 2356 wrote to memory of 2200	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7312c6035f2e57e48125e691aa4d8125.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7312c6035f2e57e48125e691aa4d8125.dll,#1
  2⤵
  PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads