868399484238e64467781f9b50364846847a4afe594ccb05f246633ab2381a21 | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 23:46

Sharing

Report Analysis Logs

General

Target

868399484238e64467781f9b50364846847a4afe594ccb05f246633ab2381a21.dll
Size

3KB
MD5

89d363cf7dbc4c849ceaa8b39ed73cba
SHA1

f5ecd02b486f7dc0ab9fc6e5cdd09e6a6bd118bc
SHA256

868399484238e64467781f9b50364846847a4afe594ccb05f246633ab2381a21
SHA512

fb997cbea04b907e132d08dd160523bb8aa15fbebc3ceb131c400d4ab52fce00e5eef661e8a05c5bbb4abdea0a7d8b7b09d9fefffc775ffc81d74255fcfb67fb

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28
PID 1760 wrote to memory of 2760	1760	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\868399484238e64467781f9b50364846847a4afe594ccb05f246633ab2381a21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\868399484238e64467781f9b50364846847a4afe594ccb05f246633ab2381a21.dll,#1
  2⤵
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads