37b4e65440cc71315029556ed024b76297c403334f01dc0c78d28d44cb2f09d7 | Triage

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 05:50

Sharing

Report Analysis Logs

General

Target

6bd1efcdb924cdaf7a7b7bd2e44e8af0N.dll
Size

7KB
MD5

6bd1efcdb924cdaf7a7b7bd2e44e8af0
SHA1

fcc4f279b531393431a6c64657429da9eb50d943
SHA256

37b4e65440cc71315029556ed024b76297c403334f01dc0c78d28d44cb2f09d7
SHA512

d037a1c584ab3ae38252f395895d7a159f9a043c109a2da269f840e65339ffdd6ce2fb02acf2e170964e31f1a04e863f1620e7aafc8103ecaa56d9d6bef657ea
SSDEEP

96:wb4VHccYJUC/aFbz/j0OvaPGd3cX5aXW:wUaJf/aFbP0OZ2JaX

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30
PID 1956 wrote to memory of 2140	1956	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bd1efcdb924cdaf7a7b7bd2e44e8af0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6bd1efcdb924cdaf7a7b7bd2e44e8af0N.dll,#1
  2⤵
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads