15b2fa0131427a7fbffe42ce83f36357661772faa0381e6ab8ef21a81c6380aa | Triage

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 13:06

Sharing

Report Analysis Logs

General

Target

ImLookExU.dll
Size

262KB
MD5

c3d6a629966b2de0ac954c0c75847f59
SHA1

8109256492cb3a2a38a6587b7e1145c58e078769
SHA256

0e469f31a8399483862231a0fe5b78bf90a7df4ac5c0470ae79adc33e4a42d10
SHA512

c80f718baa86aa05a566b8b5f8087a9f32703ef8f00ded809e0a2d74e94604b4b524989d953e26b9752e02fe2601ebe6527ef03384f6368ff6e5dca289a857e0
SSDEEP

6144:9X6yu38mY4o8xnZSYDI7jlFl4oYVFl4OgqAIwMr5s:9X6yhmY4pZSYkvl4/NwU5s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 2388	1704	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImLookExU.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImLookExU.dll,#1
2⤵
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2388-0-0x0000000000270000-0x0000000000280000-memory.dmp

Filesize
64KB

Download
memory/2388-3-0x0000000000300000-0x000000000038E000-memory.dmp

Filesize
568KB

Download