5f7515fb8b62da54458f08faa4e9b47722a93fc612e4d8a5c43fa65a151ebd29 | Triage

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 05:56

Sharing

Report Analysis Logs

General

Target

DIProxy.Wrapper.dll
Size

17KB
MD5

b4e6cfdaf8298e51a9287ddddcfbcc54
SHA1

e5242662a5f0a081e12470ce01b7bbf7333bd657
SHA256

5f7515fb8b62da54458f08faa4e9b47722a93fc612e4d8a5c43fa65a151ebd29
SHA512

446ba919e58ef9ab18b8de7a88c5e426f8087cfc851c66309098eec8ade8062c6b36efcc2db49e498c04d0cc70259e2266e323e5e68256a7213efa91aa649e99
SSDEEP

384:RyjhkFvvPiY0+9W+GT0biyLtmNasGTYU:RlhiL+GTsvhLRTYU

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28
PID 2892 wrote to memory of 2192	2892	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DIProxy.Wrapper.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DIProxy.Wrapper.dll,#1
  2⤵
  PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads