e9e96bfcecf2f4fdc536cb0e8b1b2a08cb660f4b73a87099deeb7cbf0cb62210 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 08:36

Sharing

Report Analysis Logs

General

Target

proc.dll
Size

462KB
MD5

6aac836bde08d9c6fee6c91cc1ac631f
SHA1

b10817a68208bbeb22172afcd40227a35cee4cda
SHA256

f9d9b9d36c6077f75f86343fcd4cddb1dc4965d42c77e19f60e2515f97e7571b
SHA512

d9901d553bdf0acb92ed0b92bd14ec4f9d11e7ffeb534ae4fe664e14bfe917d2434f09e945c07bdc0b4da0dc13cb65829c7f066ee6d87452ba5bbbcdf900a1b4
SSDEEP

6144:HEKrFfU19u5mbwAKKzqMmrDmM6GBCpBns2OJBCQf3rt63AQ49VYDQxc/D:HEKlGu5mk/KzqMmr91p2ECQfw3CVYHD

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe
PID 2424 wrote to memory of 2056	2424	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\proc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\proc.dll,#1
2⤵
PID:2056

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...