30d1a72290dfac7a30cea3eed888527ba95f31a6a62105afe2262e6918fa2817 | Triage

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 22:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

by_mires.dll
Size

32KB
MD5

57670d8a7994fd2ab146e64f57029a30
SHA1

a394b12bc18eb70f8fdd5a381b185ae046475525
SHA256

bed30d49ceefa39e96e4e7e653bbfc053edaf7db59463efb06ed16d6e04f8536
SHA512

4d2c27f0d51c75e07b7111f1759c060199ba38ea1a3a36a666e8887b4379a1690b62624fcbb0a7a306945785a00d404832739f6e28735cb32b87b079bd9605cd
SSDEEP

768:7bVKGFoSHd9NC7xnvHCcansUJNNJYmGqRc:7BLI7hpksMNNJYAc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\by_mires.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\by_mires.dll,#1
  2⤵
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2468-2-0x000000001001E000-0x000000001001F000-memory.dmp

Filesize
4KB

Download
memory/2468-1-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/2468-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download