a261bc985aba27fd89b8ead1567034282eb7041c3c239039b49fbf147e427b91 | Triage

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 01:08

Sharing

Report Analysis Logs

General

Target

a261bc985aba27fd89b8ead1567034282eb7041c3c239039b49fbf147e427b91.dll
Size

3KB
MD5

c76087d3202b00ea94ea4a140636e478
SHA1

4c63753c261b0d63892d0ca21d2564af73e779eb
SHA256

a261bc985aba27fd89b8ead1567034282eb7041c3c239039b49fbf147e427b91
SHA512

2e6073d42ae099c28d34879d5570d4b75e04a79e40ccb0a62bfd1300e7295affd43f564291f193691d3ba869952a04ad26008eb8917b81d1e0f405a6b6929a6a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28
PID 1364 wrote to memory of 2032	1364	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a261bc985aba27fd89b8ead1567034282eb7041c3c239039b49fbf147e427b91.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a261bc985aba27fd89b8ead1567034282eb7041c3c239039b49fbf147e427b91.dll,#1
  2⤵
  PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads