15c0fea48a94b9de0f0d2c8b009b7bb0735295f223c4fb08debf70b4a71adbf9 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 18:55

Sharing

Report Analysis Logs

General

Target

15c0fea48a94b9de0f0d2c8b009b7bb0735295f223c4fb08debf70b4a71adbf9.dll
Size

3KB
MD5

c5ea5ea86fce431b432bd9dda2d61a43
SHA1

9b328d6bb6c7f02d41fb3e974d6a83159b4b8c65
SHA256

15c0fea48a94b9de0f0d2c8b009b7bb0735295f223c4fb08debf70b4a71adbf9
SHA512

404dc88aac64b70e4a0e3d779842e39b0326255ced294b1d0cd007e9e5842512cfba3179bc9762ca22def3fd449b3b32074921025aac0391c3a9cf6ba58b00f4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28
PID 2028 wrote to memory of 2656	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15c0fea48a94b9de0f0d2c8b009b7bb0735295f223c4fb08debf70b4a71adbf9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15c0fea48a94b9de0f0d2c8b009b7bb0735295f223c4fb08debf70b4a71adbf9.dll,#1
  2⤵
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads