0414a6fdd97c981dda46079df82406d575ce95b45c649ef3dc35ee83c896460a | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 01:04

Sharing

Report Analysis Logs

General

Target

40e6839c717a308e77d88808e74ea030N.dll
Size

70KB
MD5

40e6839c717a308e77d88808e74ea030
SHA1

60ac8c1b0e7736c7c33d0f94b605d51f20527aa2
SHA256

0414a6fdd97c981dda46079df82406d575ce95b45c649ef3dc35ee83c896460a
SHA512

7fbcbe1eb6ff7489f83d6021ed0d4047e67b26b571d5e61539b9da927dccf135249ddf098a80825c1818a903cb81e045b6aff7ac6868c6a7752f9e7a3b9c7523
SSDEEP

384:IcoG+Wxrb8YkvJnmG7jQPsXdqiV+IjX8FFe:IcoG+WdRImdF6Xz

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30
PID 2692 wrote to memory of 1932	2692	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e6839c717a308e77d88808e74ea030N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e6839c717a308e77d88808e74ea030N.dll,#1
  2⤵
  PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads