27965946bae01e8e55db062d55a7a71b5acf9fd42e5f170f12ac60350ee5b733 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17-04-2024 19:43

Sharing

Report Analysis Logs

General

Target

27965946bae01e8e55db062d55a7a71b5acf9fd42e5f170f12ac60350ee5b733.dll
Size

3KB
MD5

d752a39231b76fb9b9b35c6f2c8a4b77
SHA1

65778bbcf25e5abdcc9ad723b625001062faaf35
SHA256

27965946bae01e8e55db062d55a7a71b5acf9fd42e5f170f12ac60350ee5b733
SHA512

4f68c867a6b427d06f3c320a638991c8587810f5d114799cc877e4be2deea73bed9dd92038803b839c359ace324d16a083514d1afb63c1392d711b46b4f6e7cd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28
PID 1296 wrote to memory of 2900	1296	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27965946bae01e8e55db062d55a7a71b5acf9fd42e5f170f12ac60350ee5b733.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27965946bae01e8e55db062d55a7a71b5acf9fd42e5f170f12ac60350ee5b733.dll,#1
  2⤵
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads