d4f57ed2613f12bb85fbdf832543f16ba7f3af377b9e17f8f0388ce594984877 | Triage

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 01:51

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/Banner.dll
Size

4KB
MD5

fcca36e21ca7c4ecfc29f6804acbd76b
SHA1

2f1972d5a0ec8377e043b9b304e62c24c6c38506
SHA256

de59710bad95741c41e608f946d9eb4edacdf73ab92a1a3341f8a160b8952c66
SHA512

1885aaf379e6547e519a65751d192beb9f078d63f056886cbcdae75f37f12bf8e89c98fa3c45aa60967e19ba51329a8384cf7a64d851ab10b648b17daf9b175e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Banner.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Banner.dll,#1
  2⤵
  PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads