73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf | Triage

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 20:25

Sharing

Report Analysis Logs

General

Target

latteloader.dll
Size

385KB
MD5

1ce7d5a1566c8c449d0f6772a8c27900
SHA1

60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256

73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512

7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753
SSDEEP

6144:Tv/ioKdMF+LZD/ZRj1vwWrrUFMNoz4pFGxjEB1NYAOrabN2GZvFcD7:Td+LZrNwWrrwMNoz4vG1OYZabtK7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27
PID 1632 wrote to memory of 2752	1632	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\latteloader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\latteloader.dll,#1
  2⤵
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads