02cb78dc3a777239b03910c670569372ffd38e04157465dd2ce84599d95f6f3a | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 18:11

Sharing

Report Analysis Logs

General

Target

02cb78dc3a777239b03910c670569372ffd38e04157465dd2ce84599d95f6f3a.dll
Size

3KB
MD5

3536939607577973d1f3dad99899008a
SHA1

41f1d3caf17691dba9a02e75f4da2f3fad27e521
SHA256

02cb78dc3a777239b03910c670569372ffd38e04157465dd2ce84599d95f6f3a
SHA512

083dc059971e60fe16ae84d35ae04c0ec07c650fb14dad5e2bd47ddfbdf62ea4a4bb32843c1f615a24df79ff3e8e4475dd92a6d31088539b9cc97170fe776257

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28
PID 1108 wrote to memory of 2792	1108	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02cb78dc3a777239b03910c670569372ffd38e04157465dd2ce84599d95f6f3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02cb78dc3a777239b03910c670569372ffd38e04157465dd2ce84599d95f6f3a.dll,#1
  2⤵
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads