e34536e5a0e5c11b0d9aef471f09a91e95d9d9e6ef8ca1572f227e18bd65ef9b | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 03:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e34536e5a0e5c11b0d9aef471f09a91e95d9d9e6ef8ca1572f227e18bd65ef9b.dll
Size

3KB
MD5

c8c5b50e9317e46fbc5aa970167ba7dd
SHA1

c77a13815a9fc7577c903876b2737bd53f622a21
SHA256

e34536e5a0e5c11b0d9aef471f09a91e95d9d9e6ef8ca1572f227e18bd65ef9b
SHA512

5251e74fa31bb578245bf233515bc77833ad8e525f26d162ad7a605c2f2195247bf2f3a41b749a817539e4f30d90b256e5ca0bc40d4eac8431e41eb01a8ec842

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28
PID 2128 wrote to memory of 1676	2128	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e34536e5a0e5c11b0d9aef471f09a91e95d9d9e6ef8ca1572f227e18bd65ef9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e34536e5a0e5c11b0d9aef471f09a91e95d9d9e6ef8ca1572f227e18bd65ef9b.dll,#1
  2⤵
  PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads