0b18ba0573f449ecb8b796c4496b14e94ae745dccfb7568545be7dace8489a6c | Triage

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 00:13

Sharing

Report Analysis Logs

General

Target

components/foo_masstag.dll
Size

304KB
MD5

55af69481bc2747f5e420ee32c500b93
SHA1

396858f68951ff8107a00c87009b0a6e7f308444
SHA256

d2076b4e3a09b8c447487bbe6fc327af863e57ceb4b583a0c619c3f38851cf72
SHA512

13e23b7c25b5ee2acf30dab718b1d8f801f5e1405a844b4d379d268b505f16592d9056b17e1a895b1844acbca68cf0860a15e7fc69e0c67d83c0a90a965d73c8
SSDEEP

6144:JFMDD+DF3Jieq8EX7QqqLb/mJsAOq6ka:qE5ieq8EX7eLrmJsZ3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28
PID 2496 wrote to memory of 2736	2496	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\components\foo_masstag.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\components\foo_masstag.dll,#1
  2⤵
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2736-0-0x0000000010000000-0x0000000010050000-memory.dmp

Filesize
320KB

Download
memory/2736-1-0x0000000010000000-0x0000000010050000-memory.dmp

Filesize
320KB

Download