e298a9f2cad15cc2d006888249b7648e22f012d1f811030283e4a3016e7fa747 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 00:03

Sharing

Report Analysis Logs

General

Target

32e64320460b73080e8a5800079033a0N.dll
Size

3KB
MD5

32e64320460b73080e8a5800079033a0
SHA1

e487a2ba93b3999b84d928304f3340406f063e53
SHA256

e298a9f2cad15cc2d006888249b7648e22f012d1f811030283e4a3016e7fa747
SHA512

31e172d70773f26e4801adc2c3e3fadc0acbd2c1355602ed2fa580d611888e883ac0cb5e491cb46f121640711a718f92cbfd582f59c1707592fc0eee469b2f77

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31
PID 2348 wrote to memory of 2412	2348	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32e64320460b73080e8a5800079033a0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32e64320460b73080e8a5800079033a0N.dll,#1
  2⤵
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads