28b9b2f2ab153a5911fa34c942935999e86e3d402089428a92aa6f9be7922573 | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 12:15

Sharing

Report Analysis Logs

General

Target

DWrite.dll
Size

1.4MB
MD5

2abd44418721b2502a3ff1928db07f0b
SHA1

fd0ef51258cda69c93a32eabd89447dfab9315da
SHA256

28b9b2f2ab153a5911fa34c942935999e86e3d402089428a92aa6f9be7922573
SHA512

88bacce85234f72acb47476d2e642763accfbc04302e5bd8b8499a18eb8f4553b189ff83c199b7e4b797f8943fd2bbd304cf91fdec943726cdda4c90e245dbc7
SSDEEP

24576:NMcF//r3xVIB7OaxaXS45/S9k13eG+u0ygd6F8ztqg+YAK1bNVb6:xtXS45q9qz+u0yfVngTb6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28
PID 2120 wrote to memory of 2600	2120	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DWrite.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DWrite.dll,#1
  2⤵
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads