95ba8dbda495c170e075f48627d7dd89c6b29be0ce0d0d8316b0236692675060 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 12:14

Sharing

Report Analysis Logs

General

Target

cfgmgr32.dll
Size

142KB
MD5

3ffaea12666e565ff51bf2fca674f543
SHA1

61cafe32b0add76dbf4ec9381e79b3d7831a05c4
SHA256

95ba8dbda495c170e075f48627d7dd89c6b29be0ce0d0d8316b0236692675060
SHA512

92c573cd504e0a6162bd1f1b887f0758977caab9bcde8cf35ca1513fecb2cfb226e554dc88059019bafa30d3a037a651c55adb6e66fd554af68c04f5f8761f1d
SSDEEP

3072:GuEewZzypO+K7szJNnNz8eTrOd8t6tgEYWtsgdelEOjKpLAW:GUOh74Od8tAHYcCSpLh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28
PID 2848 wrote to memory of 2832	2848	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfgmgr32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfgmgr32.dll,#1
  2⤵
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads