bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:33

Sharing

Report Analysis Logs

General

Target

bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll
Size

3KB
MD5

7652063c28f6e13da6548585482016a3
SHA1

5d482f57df06d69eed1d0a07e287de7632038602
SHA256

bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229
SHA512

21a82f16147974212abbae7c90de5cadee62b75346a928115ed4dc986ec35ef2fb55e84d02997a0da588324eb5292c4dda599ddf6463db7ef8b0e7db71d1f2a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe
PID 1992 wrote to memory of 2072	1992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf37c171b420b3eb4f07408e3a1558c74eb47d6f3e8dad6d7d40114636706229.dll,#1
2⤵
PID:2072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...