67fda2e9f97550a6e0bfec72f253d4dbab97ca136a89d34dadc8aca46d1b3e3e | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 13:15

Sharing

Report Analysis Logs

General

Target

StorageManageLibrary8.dll
Size

505KB
MD5

11701b76485e1801ca2f1d3d42a8a894
SHA1

3b4e7f33cd0d57c20a5d3f88401f7805138527e4
SHA256

67fda2e9f97550a6e0bfec72f253d4dbab97ca136a89d34dadc8aca46d1b3e3e
SHA512

140a1796c4b2aaef64853eed6fa712f6d7663bd8659ea786c977f8c157ae8e076b3a4f8660454b7233475f86dbcf1141674ae3e93077199837db6114b53b8422
SSDEEP

6144:IqGE59GBsgkpxml0dz0rI3zRnqJt0OOTWt18PcpUJ8:IPE9GpkpxfBzlqJt0BTm1R6u

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28
PID 2244 wrote to memory of 2824	2244	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\StorageManageLibrary8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\StorageManageLibrary8.dll,#1
  2⤵
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads