97ff8d0db6ef32b1d7bda6d0ca4077ca77b77397b0bd8fb57df47798e85afb15 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 11:43

Sharing

Report Analysis Logs

General

Target

Common.dll
Size

2.0MB
MD5

c55fb527b6f17c1108d4feb05783ff44
SHA1

c62fcff2d22ad401cd6be1427908eb8ff14713a6
SHA256

97ff8d0db6ef32b1d7bda6d0ca4077ca77b77397b0bd8fb57df47798e85afb15
SHA512

eb0007f2dd7e731f9e7ca8ab2dfafa3d96f630cea58dcf440ff1ed43ddf41f8b3b0960dec9195aea4d37be68bfa663a4b732a01edefe9a0f38376b1823e4011a
SSDEEP

49152:Su49Lc+YiPA+YiPf+YiP3+YiP3+YiP3+YiPQrG1G:S

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28
PID 1540 wrote to memory of 2316	1540	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Common.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Common.dll,#1
  2⤵
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads