589850b3998780b8235862295b1bd75e54e6bbd56305e191ae45e69e0d63af8b | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 03:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

39825c1579853ba003b8063fff64d0d0N.dll
Size

6KB
MD5

39825c1579853ba003b8063fff64d0d0
SHA1

b7225221e6ecdc26af0f163e77e7a1ccbd692472
SHA256

589850b3998780b8235862295b1bd75e54e6bbd56305e191ae45e69e0d63af8b
SHA512

c1a8a7c186a911a25d15e34e2233b89d4e88dbe6c65936d590b5fcf56100fe9176cccaed6b270987c764fa00531ca79784cc8f219fc4f7e2f47364738b4cebcc
SSDEEP

48:63mll5YVOa9VUX1iwbQWu0eB+BDq9J5SH:VDa9VUX9bQW+B+FqX5SH

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28
PID 1720 wrote to memory of 3052	1720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39825c1579853ba003b8063fff64d0d0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39825c1579853ba003b8063fff64d0d0N.dll,#1
  2⤵
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads