0eb3f48092f0c494da8ae015a5e76b2154e66938ec954f72eb6caf6257f9fb3c | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 10:29

Sharing

Report Analysis Logs

General

Target

$TEMP/carritches.dll
Size

72KB
MD5

c71e507b870b4a3d412ebf32807e3ec9
SHA1

df1b2e859f0b4adf31c83f2c6ff170d7c3802174
SHA256

4ce8d5ab293bf630573a86d6cd80862facbe2ee03170db808b5567730b5aee99
SHA512

dfc433ddb23f1c73d4d688189e0cf180710d8210d4ec9332bfdeea1f6cb53b04ecc647d200fdaa476f4518a28544d048e3808af16a6c58a2f018b63042dc9720
SSDEEP

768:L/KmoG0U2PH9sFj9TF7jC2W5ZW8G/WzYqorlXv50KnV+UTk1tn3:L+Vt9srF7jcZW//WzYJXvqKnY/t3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe
PID 1728 wrote to memory of 1812	1728	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\carritches.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\carritches.dll,#1
2⤵
PID:1812

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...