9b587f0574d013ada38f6973195e0ebcb1889952370dd3396e9f89e3622ff81a | Triage

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 01:43

Sharing

Report Analysis Logs

General

Target

SoftwareLog.dll
Size

525KB
MD5

23fb08bcdaea9e5086ec25cdc43d8b65
SHA1

968916355d268a8e1c21a68f297ac163a0213741
SHA256

946fb969e3bc4eb46c2602c0a7ab16ea11f480a34f89a09ad16984379ed4bb13
SHA512

bfd692f1fffb71b27c907b881dfad0bdd4a1222cb8fbf45be73d085176b925c712947584ccfd7d72e4d40d09ebf11dc92bc6e19d9f26186ff50b2aeb7fdfce6d
SSDEEP

6144:ySyOKYyPDaiLRvrww2KQaDKgqhk1sGYs/05QGbaLq0FEHoAld0hqV:ZKrbNvcw2uDK5k1sJs0QI5TIe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe
PID 3016 wrote to memory of 476	3016	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SoftwareLog.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SoftwareLog.dll,#1
2⤵
PID:476

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/476-2-0x0000000074430000-0x00000000744E8000-memory.dmp

Filesize
736KB

Download
memory/476-1-0x00000000744F0000-0x00000000745A8000-memory.dmp

Filesize
736KB

Download
memory/476-0-0x00000000744E0000-0x0000000074598000-memory.dmp

Filesize
736KB

Download