07672889ea4753a79cf3b157325eebe66068959e176f541710bcd0993a510d0d | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

07672889ea4753a79cf3b157325eebe66068959e176f541710bcd0993a510d0d.dll
Size

3KB
MD5

f5bb01146dcbe1339b54a34eb83db53a
SHA1

5cec417f70d369dde44e11d742d13ab2f8e45509
SHA256

07672889ea4753a79cf3b157325eebe66068959e176f541710bcd0993a510d0d
SHA512

fc7d0c5e2cc1dd3275e48db25a28eff7feb99f1020fce839aa5e67a315f7216bfe19bdce1094752f7df012537ef8b05023ba5c28b2a534ccab4d3d32b238ef81

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28
PID 2936 wrote to memory of 2152	2936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07672889ea4753a79cf3b157325eebe66068959e176f541710bcd0993a510d0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07672889ea4753a79cf3b157325eebe66068959e176f541710bcd0993a510d0d.dll,#1
  2⤵
  PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads