7e1ffecef00c4a53174310cf7f05a0daff64a879893a0903750ea388fdef9083 | Triage

Resubmissions

16-04-2024 14:52

240416-r8ytzaed41 3

16-04-2024 14:48

240416-r6yfesec71 3

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 14:48

Sharing

Report Analysis Logs

General

Target

WinDivert.dll
Size

42KB
MD5

387b5f1334fe717221295b18203cd70c
SHA1

0d0683bb05a94bfa0eaf98bc7e6f8d7b4f98502c
SHA256

a321649090c21aaa7529ce5d019d242b1d5f2a2aff04bc3224db409641604a83
SHA512

8e5bacf9450b34af08dda9be3795c164f9f126280de22fd86333e054ebc98c0cdb1e3f2b41a28078ef724e8829ac47179f141c6a7d02f2ec3aecd1a6c9100c2c
SSDEEP

768:+m+fLaa+rRDCykwVeNhHW68R9c581oWXGEwcmC1zUtTwekTqkimOc4b:+m+fLaxrYh268R9c5lWXGEzmqTqk6d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28
PID 2916 wrote to memory of 2280	2916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinDivert.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinDivert.dll,#1
  2⤵
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads