4a126ec2c1338c8983c76dbaeeb9b01b1e9b6e81c61e5f7a1346e129a720336d | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 21:46

Sharing

Report Analysis Logs

General

Target

4a126ec2c1338c8983c76dbaeeb9b01b1e9b6e81c61e5f7a1346e129a720336d.dll
Size

4KB
MD5

473348283502f66cbde6f352e217b24a
SHA1

3730d669b69254b7aa7ca26578db25005e0aef40
SHA256

4a126ec2c1338c8983c76dbaeeb9b01b1e9b6e81c61e5f7a1346e129a720336d
SHA512

ec506a022cb3cce2834f01665c9f7de322b45db4043f50959d112956d7b57c0c15bb5f9fa42525d8017b2987f16ed8a2f52d16738472a59e11796ed29e9a7f7a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28
PID 836 wrote to memory of 2184	836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a126ec2c1338c8983c76dbaeeb9b01b1e9b6e81c61e5f7a1346e129a720336d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a126ec2c1338c8983c76dbaeeb9b01b1e9b6e81c61e5f7a1346e129a720336d.dll,#1
  2⤵
  PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads