d81fdcc0520f1f01645e978ae21fcd7e01887044249d7ee1d0e018a6832320a5 | Triage

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 19:00

Sharing

Report Analysis Logs

General

Target

wininet.dll
Size

562KB
MD5

91b32b95a072ec20c3bbe6aca92227e0
SHA1

98cdffa397b38ae763f7f9d361671ca76d38d4b9
SHA256

1b30345659c6592efb084688787fff143d73896b4c526ced968b617e19b8a2d1
SHA512

4ab33691233fc0bdae281bbe61f0636a75f638a5a5dd7a92f5b85aeb2007d5c6555d40c72d91135e225d52013171fefda9bf0267f4aa65c7e82f5b2367f0ada4
SSDEEP

12288:paxHIJAojbQGHEgA4ifS2p/DE47NDhf9uGgh6:paNIVjbQ1K2p/Hxtf9Fgh

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30
PID 3024 wrote to memory of 1620	3024	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\wininet.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\wininet.dll,#1
  2⤵
  PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads