a6eb7a7372c462b2e181014540491a062c540edc4ba0f65a9169cfbfb473e6c7 | Triage

Analysis

max time kernel
20s
max time network
19s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 07:17

Sharing

Report Analysis Logs

General

Target

bin/daemon.dll
Size

297KB
MD5

fe39e5e036b5c86ddb3ef2ada62ba0bf
SHA1

00adcabbca99ae74fda7794cc06af77d9cb3090c
SHA256

54fdaee273829f0b616a7aa61d8a1bc00b3f6e4b16c4c73b778ceffa5c5e47ba
SHA512

bdb6762be72b80d468af9b35c39608badc85184d5db2472acad87e3db496db044df4ba08730b9c7f5543d9f7753617683556786bdf63e6ded966bea86ca5afbf
SSDEEP

6144:V1aeIQpSVT0Upr7puka5WHKh0mF9Q77vaPTB7e5n3OuL/A5T:VOQpSS+r7puka5WY0mU7vaPTBe5n3jTW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28
PID 2988 wrote to memory of 2616	2988	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\daemon.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\daemon.dll,#1
  2⤵
  PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads