b4fc27aa604c452541e403c7bee040ecad20b507d801f7036a6c41a2047a2929 | Triage

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 10:21

Sharing

Report Analysis Logs

General

Target

ac485477c8bd7a66ba64c59c83f6cec0N.dll
Size

3KB
MD5

ac485477c8bd7a66ba64c59c83f6cec0
SHA1

6b2a4c5c3c4939093b55eed6affb2b18c542126a
SHA256

b4fc27aa604c452541e403c7bee040ecad20b507d801f7036a6c41a2047a2929
SHA512

f077be6f5e997001aa8ad4ad10bb648a7df3edc9b8c379bf974eaca4a1606ae7f6a20515b5330772702d6706b6e5b83c0a647b092c7f6dc65e5c6b5273bcc256

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac485477c8bd7a66ba64c59c83f6cec0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac485477c8bd7a66ba64c59c83f6cec0N.dll,#1
  2⤵
  PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads