Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 01:15

General

  • Target

    $TEMP/petronel.dll

  • Size

    10KB

  • MD5

    437b11c6cce872c4c7e94b30e5812997

  • SHA1

    219f7dcf754dba48c53cf3cde5637cc4adceb3cc

  • SHA256

    4a5164acce1c631285a09353b11e318426800801cac515bde8e76a10bac6130f

  • SHA512

    11ea28de7d274a58eda40e2eda176de898558cea2cff4045b27f4282baa5d0cfed1cc1c4f49abb7bbcf79fa70585424e9ce5dd642fe5f98a7db948a21b2442c2

  • SSDEEP

    192:oy0X5kKzSZAwVFhSv4gZRnRH6rfDkjkky:ot5kK+ZAwVFhkZxRHeQy

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\petronel.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\petronel.dll,#1
      2⤵
        PID:2852

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads