cd0fed0b2f7dd886deae0f349672a465fa91c68673c0c6ca7b98bc2734b68728 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 00:12

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/IEFunctions.dll
Size

7KB
MD5

46ee93cfce4dd2576579f45ad8c41b88
SHA1

f34a4eb6df68e521debda61e5af46aaf461bc3ce
SHA256

a8fbec39470467e43e3fbc48cceeaf11d5e2fe3b98c521ac71b5522e7b46a859
SHA512

a2eb8ed29a819ee821c749dd76c04c2f3a5284a0063d08c43c9eaeb6f68a7c9034b846cb3cca26608cfe28b5ddc07842ea70a6aeb9cb7c6c1b579c3d05e40a5b
SSDEEP

96:fCOzwoO5dacVRNoYVhawoXA8B2oKhYVhrigWV6PM7qCtQp82:fAVV/cwcAMnAqrlWV6P0dQpL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe
PID 1028 wrote to memory of 2420	1028	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\IEFunctions.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\IEFunctions.dll,#1
2⤵
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads