f7e525e4bfbbcfdf0435089961578fa26f9caad6e2cbe9ba9179836573f4bf11 | Triage

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 12:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Magnification.dll
Size

40KB
MD5

a50fe6492b55ecddd398ef5ee35676f8
SHA1

bcd12250e6d6b60bfdd29ec05a6b5cce4e42303e
SHA256

f7e525e4bfbbcfdf0435089961578fa26f9caad6e2cbe9ba9179836573f4bf11
SHA512

0a063847f486b7f522d53e163f1f38721613a190bf722fa93132dab68d52ba5220e59901f8181f96f42f891ecb430e06d415073c7afed280b6e9de0e3b9f9731
SSDEEP

768:v2E2nFH+LpDnVjkFTuidw8HVexbeCiHMPxM:v2E2nFH+LpLUu6CIMZ

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28
PID 1660 wrote to memory of 2452	1660	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Magnification.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Magnification.dll,#1
  2⤵
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads