29d2f27ad45c7763c6d4362acd2f10c02d04b69c132695025498e0a028dacb11 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 02:51

Sharing

Report Analysis Logs

General

Target

361e57190f648d8b4f22616588d75150N.dll
Size

5KB
MD5

361e57190f648d8b4f22616588d75150
SHA1

6ba4b9c455a0e95cfd9edf634cb8ff0131a35fbc
SHA256

29d2f27ad45c7763c6d4362acd2f10c02d04b69c132695025498e0a028dacb11
SHA512

7666f1be7bb940f26810f0ea267bf481b7abaa6835d28eeb40e99b74ec45bca87462c3996d95bcb291517f781175c698aa5f577de08c2f13e79ce8655179fdfd
SSDEEP

96:hy859x0P8MaVsDEMkFzWSFhrGidiJs8XhrKrB8:F5oLdDEM8W+LWs8RrGB

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361e57190f648d8b4f22616588d75150N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\361e57190f648d8b4f22616588d75150N.dll,#1
  2⤵
  PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads