f51f3c1fb71a3301e0716e9025bc063e8f1aeb7c3b1bb5570f9e159f86eb67be | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 16:08

Sharing

Report Analysis Logs

General

Target

6xvjduoucppa.dll
Size

11KB
MD5

5c05b7632a19f8b04717a76aae9e2659
SHA1

a4b1062e88f9170917ec5a9b251bd739f995c3c8
SHA256

b574aefc953483b2e57dca1653bfec41d14d0c0d460a0e7e778e943d4a1ce364
SHA512

eaef74792c64f675add11a6392e32e2eed47701add80ac9945301324057aa8778e9afbd3588109a578f3da1ff09000b1c80756ab9b7f6c5f5ef27dde7fb531ce
SSDEEP

192:OOM8EnrUm2cHjpMTl+p2/mpnTsaqIT9PzRbRit:7EV2cHjpcT/cnNNbRG

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
776	rundll32.exe
776	rundll32.exe
776	rundll32.exe
776	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30
PID 2072 wrote to memory of 776	2072	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6xvjduoucppa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6xvjduoucppa.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-0-0x0000000010000000-0x0000000010005000-memory.dmp

Filesize
20KB

Download