d8c5738f8b79a37aa75cd42c11d686dec792187d7a2e69738d44e618de78e6e7 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 03:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d8c5738f8b79a37aa75cd42c11d686dec792187d7a2e69738d44e618de78e6e7.dll
Size

3KB
MD5

301d36aff24b2ed8ff1d75f770cbb8ca
SHA1

685f1341e181685de45276e8f1e2a0923c207cb4
SHA256

d8c5738f8b79a37aa75cd42c11d686dec792187d7a2e69738d44e618de78e6e7
SHA512

d75d8d46ffdacc94f415ddfc2c68d10caef6d4aeacb7d4df8ef0f0e1b22cc184454df95abe709f4c8d2118e711cabbbe18c257e2f7a40feeab6b8141bc338b12

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28
PID 2968 wrote to memory of 2992	2968	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8c5738f8b79a37aa75cd42c11d686dec792187d7a2e69738d44e618de78e6e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8c5738f8b79a37aa75cd42c11d686dec792187d7a2e69738d44e618de78e6e7.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads