a5d18bb37263ea342a5f01da382c3ec49ec6c34e3a71d6761750f3ef38ca16cb | Triage

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 14:44

Sharing

Report Analysis Logs

General

Target

d8f4c448f4c5b93347362b5e212c2b20N.dll
Size

5KB
MD5

d8f4c448f4c5b93347362b5e212c2b20
SHA1

6ed6e0344a304617c3b0fddea9fcd716d7dd0496
SHA256

a5d18bb37263ea342a5f01da382c3ec49ec6c34e3a71d6761750f3ef38ca16cb
SHA512

3ce2ccf39607a96b08c6173afc3be1bb31ac366a5fb050a6b36ee448fabc4c17568057fc621e493288f4a44250f1f5407412cac515d39cee7832f179dcdd60c3
SSDEEP

96:hy859x0P8MaLDdOtfVVLIC7obStUvQdNXt:F5oL3Hl7t22t

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30
PID 2192 wrote to memory of 2420	2192	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8f4c448f4c5b93347362b5e212c2b20N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d8f4c448f4c5b93347362b5e212c2b20N.dll,#1
  2⤵
  PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads