77cb792e3da518b1c70b0efd0485bf48b35c12c7ac608e34c665a626bf8ebc33 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:17

Sharing

Report Analysis Logs

General

Target

NewKpDLLE.dll
Size

481KB
MD5

cb34637936c9c9bba0a5b17827a3b999
SHA1

bba74f83bdfea22f027084aa2e13b481025fe3c5
SHA256

9b330ac7f3ef4c2b2e7eccd85aaab46ff455e0fc0d8ddc2507756be9c22438e8
SHA512

7e1421f4b6a72c84ee8263cc59336da5f849b5781f5b3b33e8302a67a539598c2b097f38dfeca98987df113180834c6164a9cf2f40fefee1fda0f3844fad26a3
SSDEEP

6144:T1MFtswcTNWrdSG3VsWU3jCj76NEHKf0eRc4aeOQPn0y72qcR6hp71is0T:l1NWrVGWAj/NtseRc4R9eW

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NewKpDLLE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NewKpDLLE.dll,#1
2⤵
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads