2516ec0cb6730ac6e86e3824fb83cfadd72aa9657de70c5de4861fd776cfd8bc | Triage

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 11:43

Sharing

Report Analysis Logs

General

Target

D2CMP.dll
Size

160KB
MD5

c7ea46c26f6624b2fe09914ce6b73fe7
SHA1

862d528de1c78813a6de7f71b48523d36098f0e0
SHA256

2516ec0cb6730ac6e86e3824fb83cfadd72aa9657de70c5de4861fd776cfd8bc
SHA512

c9963eed45da2b7729cf68b99a9f749baae70b55cb0bb1a4426c765ebda0600d3e3cd1d925a811a30ade83ef5307e59d7b379db461926d46a2ef5d3901f9098e
SSDEEP

3072:g1jsI8aGl6QENmOIRlfBX7MgJmOh+JVDllf:g9syu6/IRzLbYhJL

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28
PID 1440 wrote to memory of 2368	1440	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\D2CMP.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\D2CMP.dll,#1
  2⤵
  PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads