8a1ab068b00c8ed21eb85b683593efea720da995ab0bb1382914eb8738019aed | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 03:18

Sharing

Report Analysis Logs

General

Target

data/zip.dll
Size

120KB
MD5

f483ca3411e7f5b278df6dabd1dfa2ea
SHA1

9fe776f8eb36b7aada0d08cb7fc8d7a0371c69ef
SHA256

3af8886e8f36c34cde502bafd06e967a7769f910f603a88cb91a9833f928a6c9
SHA512

d229dcd16b8e91fdadee68d5e42a79b1447091c6480bfb4aa0761c5c9035404991383dd7999ee431a0610aa716745ec28e221c115baf022252f8f20512d9d4f6
SSDEEP

3072:YOltoyFOxHTKiM+Kh+GBFOQMrTBfC4NS5S:IyFOxHTKf+KhFB0QMrTBq4D

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28
PID 2088 wrote to memory of 2356	2088	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\data\zip.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\data\zip.dll,#1
  2⤵
  PID:2356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads