a5e54f96bab9bcc8a470ddc70480571b437576ce6b1de9220782d041bad12bcf | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 23:35

Sharing

Report Analysis Logs

General

Target

dd82048872ebad8f73984aa0fc8913d7.dll
Size

3KB
MD5

dd82048872ebad8f73984aa0fc8913d7
SHA1

f8cc12f9f94ccfff10e287d7f71c499c974d9c8a
SHA256

a5e54f96bab9bcc8a470ddc70480571b437576ce6b1de9220782d041bad12bcf
SHA512

46a366b3c88afdf131fa1a20e6ec8c6561076199c661e47a804cceebb7dfc5322f59b03682cf62ec03d2f465720482259c2227bb69a1ff0faf702a12ad01e15a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28
PID 2212 wrote to memory of 2956	2212	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd82048872ebad8f73984aa0fc8913d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd82048872ebad8f73984aa0fc8913d7.dll,#1
  2⤵
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads