c1a9740e8d3e93fb61c3ebc03d8d1d3c3579d0f95e0ecebcccc33a0b3dfe2f24 | Triage

Analysis

max time kernel
120s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 23:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbc79b7a145fcf9a37074a78ce61120e.dll
Size

6KB
MD5

fbc79b7a145fcf9a37074a78ce61120e
SHA1

2e17839fc9a4a2cda9ad72593419a2919b7468cf
SHA256

c1a9740e8d3e93fb61c3ebc03d8d1d3c3579d0f95e0ecebcccc33a0b3dfe2f24
SHA512

122ef2424c9d110fcdd3ddacc0788fd42169f710f509b9a4ee98c76dc6c3f130bca734689fab7f3b6b84050101af115e68f91d2e4acc3dbc7985b6785f25f164
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU10MB+BDq9J5SV3DY:CSVVEPozmB7+B+FqX5S1D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29
PID 2564 wrote to memory of 2752	2564	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbc79b7a145fcf9a37074a78ce61120e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbc79b7a145fcf9a37074a78ce61120e.dll,#1
  2⤵
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads