59f7fdf5b4464950b5551aa9e9f06f7774b52fbff74f03e851b40569d4426ff6 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 18:57

Sharing

Report Analysis Logs

General

Target

ttsacid.dll
Size

72KB
MD5

6ca731691427d663098325d86d1ee17a
SHA1

2c2d8edbfec49b7a546fcd8861e45daac62ea074
SHA256

7b737f863b9aa7e1b16406381e6047e38ff0e38beb1a487f8d97c7abb224b2f0
SHA512

267bb2aa6b24c248a6304773876a14d951ed2c0c3030ffcbcfe49a98cf6217d376d6df4b91ee96210db12082224239a3cfcef07c87d0f244860a6a7d0ff97788
SSDEEP

768:e8w2UUU9DB55vD99pdVExcRl/eEyR2/JP4KR3DvDcEmz75VNgr:eV2IB55vqx6evRcJZ9zvQ5VNg

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31
PID 552 wrote to memory of 816	552	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ttsacid.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ttsacid.dll,#1
  2⤵
  PID:816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads