f003fc7873b3ebaced1ac2ea207a27ef9a3140f7d74c0305ac9cf8bdb64370bb | Triage

Analysis

max time kernel
119s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
16/06/2024, 12:18

Sharing

Report Analysis Logs

General

Target

7zxa.dll
Size

166KB
MD5

78eef11b0e83c52bf767aaa428bd07ca
SHA1

ad761c61e7c9b6bdfc889912c178b649672c9c54
SHA256

6c73b4bf32fed9f7f4f90f89cdf23c17a85ba94b9d5c065d473b70de01b94cac
SHA512

f2ae406e3bf9c0fa6072bde6ab90cf3daf80f7148c9b88f4deee899dfe2cb0ae64e4c26264c31c2f1c316075feefae28aa065046331d50fff2e55e1a938e57ec
SSDEEP

3072:95XjR6yKXymKAZm5QJSmZ+Z7QS8GQhX2MlChZC:95jRBYWIHMmZ07qGB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 4668	3768	rundll32.exe	79
PID 3768 wrote to memory of 4668	3768	rundll32.exe	79
PID 3768 wrote to memory of 4668	3768	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7zxa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7zxa.dll,#1
  2⤵
  PID:4668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads