a608177a444fda907aaa36b0d66df33d4f6a1ceb1e947e72c6e72d42b9403423 | Triage

Analysis

max time kernel
18s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 04:10

Sharing

Report Analysis Logs

General

Target

4484b71e9e492f0be30264a6206f5630N.dll
Size

15KB
MD5

4484b71e9e492f0be30264a6206f5630
SHA1

b78699dacfd7cac3d98823b7b1338c0534d17775
SHA256

a608177a444fda907aaa36b0d66df33d4f6a1ceb1e947e72c6e72d42b9403423
SHA512

55347ab439c04f206cc0dd79092cd5180dfe72fb0a092721b71c67791520846c19cfaf037ac9951f71cadee8bbf8629261c2f288ca78a2e3951ae42e8665a372
SSDEEP

192:9Knw9YufO3rLlZBly8Z6FXRwwl/5XsNdW/T3XBB1:Mnw6ufO3lZPy8eRJQW/T3X

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30
PID 1472 wrote to memory of 1596	1472	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4484b71e9e492f0be30264a6206f5630N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4484b71e9e492f0be30264a6206f5630N.dll,#1
  2⤵
  PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads