cfecf3cdb457e6f5ad059db4c142ee7ab5cd2ef872ff194786d8140023cc3aed | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 13:08

Sharing

Report Analysis Logs

General

Target

$_2_/dl.dll
Size

1.4MB
MD5

7529ca73b5c100e3d588b4cb9b64803a
SHA1

11ed903c7575aea5aad51a3c5892fb7c32699bff
SHA256

2cd24170f935fd1c97a15cc666f8986594b64ba5de47cad19eac4bf9ee2bde18
SHA512

b40ed9e7ba5e7994882b482447967e6afc15c2ece9d8520028b4988d630f46eaa027645cd691bb572a347ea278354656ca4b3ac85e5b942fb1f661119b6694aa
SSDEEP

24576:1Dgxq4/HTitl0ejBepFgqRu4h/rDo9MSJAwuc5rRkqreIWw:1H4/TRwzqRu4xkY3GrWa8w

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30
PID 1788 wrote to memory of 2524	1788	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_2_\dl.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$_2_\dl.dll,#1
  2⤵
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads