981a5e5785177eccbc0504f7d33331b4ef5d37daa23ac8b07a05f03b7db260ea | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 13:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17225bfd55f36956f623d8cb32a99690N.dll
Size

6KB
MD5

17225bfd55f36956f623d8cb32a99690
SHA1

9c2018d3b051568d51b7494f9d7da14c52c8c9ba
SHA256

981a5e5785177eccbc0504f7d33331b4ef5d37daa23ac8b07a05f03b7db260ea
SHA512

a07ca330600fdf9cdd47cac01639ae92e67b9004d8bb670c357a98485d108cadf4a57d35d9a215fb90a1c0ac21335aa74a8be6d25610ca19aec4660d2d083d59
SSDEEP

48:6DOdd5YVOiFVE/y/sqwokyJyi0jB+BDq9J5S9:piFVE/y6okJ/B+FqX5S9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31
PID 1876 wrote to memory of 2012	1876	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17225bfd55f36956f623d8cb32a99690N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17225bfd55f36956f623d8cb32a99690N.dll,#1
  2⤵
  PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads