5c076a6ab21e4116d07b5b0f0e31fc15f9090c0385b51e1f092e84ab52ccbfd0 | Triage

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 04:51

Sharing

Report Analysis Logs

General

Target

$R0/ivzucplz.dll
Size

71KB
MD5

b18dc99e46a984cda15520bed050b182
SHA1

d3758400c96913b55bcc6476f8e4a80f6b407c82
SHA256

2c7ab1ba8b6391fe196055fc6d6bdd27624a917dd2c81937cb525849de1f19b5
SHA512

351baa79057884ee9ce18f49c85089bf5877b0c40d16b558c62dfc2a792d91292a7b03c42d227b2a492c935c0d3689d63331d012471904bb1d6e949cdff042c7
SSDEEP

1536:dmt0lNnvaTfOo/XjLg1Gn61y9yMDZWj8SGdw1+8DS/ITZQQ:MexvaSmjLZn6/MDBdwkNI9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30
PID 2072 wrote to memory of 1952	2072	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$R0\ivzucplz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$R0\ivzucplz.dll,#1
  2⤵
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads