5ffd6b1262f2c0552233279b909f38174681dfa951ba51cb484fcf2aa7019930 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 01:31

Sharing

Report Analysis Logs

General

Target

589e012cfaf7d596569aad11ea970d00N.dll
Size

78KB
MD5

589e012cfaf7d596569aad11ea970d00
SHA1

a6ec1ed0ae084aa9ecfa9c8841ac9a5a5cdfd688
SHA256

5ffd6b1262f2c0552233279b909f38174681dfa951ba51cb484fcf2aa7019930
SHA512

1e92a502fe33913ff4908299ea04268c03f8b33b91c1b4f7f665542a8c8baf779f44306764b9837afeceb4a7357efc007716e984577a92344b59f08b3bdf1be5
SSDEEP

1536:wkwoXeLYNdnarKinX03R9KXEy1h4Kibg:YouLeauiE3R9OEyYg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30
PID 3008 wrote to memory of 2648	3008	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\589e012cfaf7d596569aad11ea970d00N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\589e012cfaf7d596569aad11ea970d00N.dll,#1
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads