783deb2ecf6d1b4e7d58f026aa13c844e825be7e43fccfe1cbf7ac4e850f5bb2 | Triage

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 04:04

Sharing

Report Analysis Logs

General

Target

653d13efd482fbaacbc39b013098c780N.dll
Size

6KB
MD5

653d13efd482fbaacbc39b013098c780
SHA1

9d8053a75a96e09b11975d5d591a32ebd96df942
SHA256

783deb2ecf6d1b4e7d58f026aa13c844e825be7e43fccfe1cbf7ac4e850f5bb2
SHA512

93f2e97a7e381e1386f670a49e750cd84c56a474d6226f82cf4ab0f5a97c550d637c8551079dd89378aac7b5cb81129af9df16a35391f35118f8d6144d64cb83
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0aB+BDq9J5S2:0QDV8FscMjsLFV3SB+FqX5S2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30
PID 2532 wrote to memory of 2912	2532	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\653d13efd482fbaacbc39b013098c780N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\653d13efd482fbaacbc39b013098c780N.dll,#1
  2⤵
  PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads