019350e704914a8c48e5cc90b4175e4d9d0eba26c0a4c966350d461a87c9eb0a | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 22:31

Sharing

Report Analysis Logs

General

Target

199e42c0acb932ba0bbad44ed7dcf140N.dll
Size

3KB
MD5

199e42c0acb932ba0bbad44ed7dcf140
SHA1

c908b72a1b4f4ae77a18948ae420f6c7169b50ce
SHA256

019350e704914a8c48e5cc90b4175e4d9d0eba26c0a4c966350d461a87c9eb0a
SHA512

6a8954db34fef901874cb612c57b7040484dd843544bb19f40acf34966f9fd9bfc1f5e1210a11f174cd71952742924668204e52548119ff3ff2a1f52ee0fca64

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31
PID 2628 wrote to memory of 2088	2628	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\199e42c0acb932ba0bbad44ed7dcf140N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\199e42c0acb932ba0bbad44ed7dcf140N.dll,#1
  2⤵
  PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads