1dc82ec6bd8c9f9f0ec068eb72665f6cdaf21c08b9c3b07cd56c9e6ddad626fc | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 11:46

Sharing

Report Analysis Logs

General

Target

SkyDll.dll
Size

88KB
MD5

238c76c80c9f0fb6af4ded758e840bf7
SHA1

4c010ba2d023522d4b00c0b181f66c8a4716cf82
SHA256

15f69ef3aad3b97fc38acff2d742fa24d9921b001ba181372013308c8bb4de2e
SHA512

c40ebb5b88a24bd69af0ac73c735e7f0ca613880f25235e1133cabf8be94ba3c8f1ef6e860e67e6f868fd683ba75ab3778598eb885a016c62f2f1deae828d977
SSDEEP

1536:tYA6OdSkvhpFPioBaxc5kD4erKmtby4P7ML:txfSmFKpZtby4P7ML

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31
PID 2748 wrote to memory of 2804	2748	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkyDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SkyDll.dll,#1
  2⤵
  PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads