309af970f2d957ae27f69d27d157c39da7a4419d7f99c53f757bb75a4766b19a | Triage

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 10:11

Sharing

Report Analysis Logs

General

Target

a16e0592db3cc83d4b0812488f4e9b22981a5a6f.dll
Size

61KB
MD5

87f62453c5b8d5bd8cc6d599f1326c43
SHA1

a16e0592db3cc83d4b0812488f4e9b22981a5a6f
SHA256

8d4780b93a4ae808e73745ce99b18e1d5e867845e373bcfbafb6a87bda48cd34
SHA512

192af796710ca931126af4d42b3f5a0ab5a5cbf747b07780cbe6f0b3d518067c082cbefbe69bc2389da0c40736858c9520c8af7de55b94580827e2a8ecd27a0e
SSDEEP

1536:xf6CzZ70IJ/fCwaKZWFgC25kQQQQl3/W8Dh:xJFWGC25kQQQQlpD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28
PID 1908 wrote to memory of 2212	1908	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16e0592db3cc83d4b0812488f4e9b22981a5a6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16e0592db3cc83d4b0812488f4e9b22981a5a6f.dll,#1
  2⤵
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads