9fb3ad7c50a5dbf7f8f366901e6edc5e02edd158653f78a243824d1b3e409045 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 22:12

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/NET.dll
Size

92KB
MD5

63834ec07c42859db4ebef4947046d50
SHA1

ea9551cba09926ae639c0ba93479049fc060af4c
SHA256

1bd3438268e3a8e6060ec607e503714805657d01b3a35fea289f2624ff3265c0
SHA512

972b8ecfa0ba2bae2f7ed269f66a11a90dfc45435f916bfee58ce493fb244b0b077412260390cf43adf64098f2771daabdd3541e2350137f450423d8c119503e
SSDEEP

1536:8GW1TSWGZGWPtCVR/sdd8smDk+A6cvFsWjcd9sEcrteEV6:8GISpZti6dT+AXq9grteEV6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28
PID 2008 wrote to memory of 2404	2008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NET.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NET.dll,#1
  2⤵
  PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads