7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617 | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 16:07

Sharing

Report Analysis Logs

General

Target

libgcrypt-20.dll
Size

979KB
MD5

e7f12f3680f5150e29994a500d7c022f
SHA1

b0021e21d16c0dd5fcd7e067d828e7372d164873
SHA256

9f2862f520943aff5a1825a0fb92a4e98757dabe557c89e92cb24d0523905df4
SHA512

d7cd75ee6a7d16a6a16eff446ccecd60ed531903ddacae10081835f803ba69c9ed10cbcb2e17e262960e156b407b844cba3c5890a56f633c0b84d5e0ff005e62
SSDEEP

12288:PdETpCAy8RMKOsF0zIcG8GxEruMWkVyc25lPSd/uCf:1AQlsOzIcGJuruMWrc2XPSdt

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe
PID 328 wrote to memory of 2476	328	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libgcrypt-20.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libgcrypt-20.dll,#1
2⤵
PID:2476

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...