5f09de90db804401842617dddb5750c6a8d7a27edb409c91f2ef86d0198d3e58 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

npTimeGrid.dll
Size

44KB
MD5

d41683eb7b037a95485ed8b437d2fbcc
SHA1

909208a108395a89b2922c9a94f3c070575c68e5
SHA256

2df1af8a1d0b2cd25642685c091859803ae48a9d636818b68e15c75cb0058a86
SHA512

2938557ade2fef2df6ea4f1f348fcb1a0d02fdc1f67b6556a69171c6935ecbfc90bd41a758271fe58fe72a07b2f24123c2244f56d4bf9e0f3f9f38300870b8e7
SSDEEP

768:oB99gjVq8DmwjLM7iyoX2iLD2USZ2Oqh:k9gjVq8aws5oX2iv5SQOqh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28
PID 2792 wrote to memory of 852	2792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\npTimeGrid.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\npTimeGrid.dll,#1
  2⤵
  PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/852-0-0x00000000000D0000-0x00000000000EB000-memory.dmp

Filesize
108KB

Download