9bd19635ba9337da135f0196cd9b7222dca97f3962d2bf489d50b8361e127228 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 18:04

Sharing

Report Analysis Logs

General

Target

Flash10c.dll
Size

847KB
MD5

fecdfb01164060128aeb2ebff860f5ab
SHA1

cc5958c97d89d791a53a78554ffb0a4d08704690
SHA256

27ca87a183d3484b70ff2f7bb575c06a3d0a61b3c1669ac607a335f03f0e531b
SHA512

a9de5b258dcbc124be200b2ab0b5af60988feab9be074275adede5eb0c5276a6e6203cc2a6ec0c8614f638eb82be2caa2b09e1ce9670f33e2d76c20686c38945
SSDEEP

12288:UfvJR8jKSNYgubul1zDoO2sDWD/Y1CjruYEnACEytlPKF3Hf:UpR8jpegI2zDoO2sesYEACDPKF3/

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28
PID 2928 wrote to memory of 2992	2928	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Flash10c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Flash10c.dll,#1
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads