b3b1ffff5ec8facfc6eb990227eb4f072d6731e517a4a778ef8dc400be8f69cd | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 12:18

Sharing

Report Analysis Logs

General

Target

SessEnv.dll
Size

274KB
MD5

0b2e4cd938757b3b3bbb10c845bd6ee7
SHA1

b9bcc13143db21fcf58451b858e998c9c92d2381
SHA256

b3b1ffff5ec8facfc6eb990227eb4f072d6731e517a4a778ef8dc400be8f69cd
SHA512

d7331ad98c0a50a59358d42276d5557dbc6b9607ae00c1e3a8f53ff6c93c276f2eea37887621084b1a9897c11e44b8403ead8fb9b9bfa5256705424849761d73
SSDEEP

6144:8j8kVSUNuMawlRCiGF8GSxWpw4ROd4fLpFAfS3aAI51gqXAOAiqG4n2o6ARMJtU:MPArRCao1gqXAOAiqG42oZM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28
PID 2556 wrote to memory of 2828	2556	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SessEnv.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SessEnv.dll,#1
  2⤵
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads