534b5826cf5c3412675028f74783c2a5b6aa10a3d2a32f4b8cb69daf27accfb5 | Triage

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 13:40

Sharing

Report Analysis Logs

General

Target

012662e6eb58a1f8c01c5c0432ff6230.dll
Size

6KB
MD5

012662e6eb58a1f8c01c5c0432ff6230
SHA1

44bb00b001019f52a140d89a2532bbe5a1222af7
SHA256

534b5826cf5c3412675028f74783c2a5b6aa10a3d2a32f4b8cb69daf27accfb5
SHA512

43e8fba2a61ae87f92b18ba07d31be5fbfb29964a3c295aab948482d4ff916fb197940cc38460629adc3f01f5b2e95b855204ac4d4225fd7720a92a29c6b36c6
SSDEEP

96:hy859x0P8MaTCUK2svX1zeGogF1hNrEp:F5oL/UK2WhezgXT

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30
PID 2120 wrote to memory of 1704	2120	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\012662e6eb58a1f8c01c5c0432ff6230.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\012662e6eb58a1f8c01c5c0432ff6230.dll,#1
  2⤵
  PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads