d618b457c1310790385c4efeb88e8afaa61876e42b17bc329bb148694a4b5a00 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 15:09

Sharing

Report Analysis Logs

General

Target

$APPDATA/test/formsend/u25dts.dll
Size

20KB
MD5

c2078ef235a007b4a7c033edab99581f
SHA1

99428a7f1a5e55a33f4dabcf496f5934d15e78ca
SHA256

6defe31cfa060451248fb8c5211a9e6ed8fb8ebf9efb0a0e53df3d78641dea5e
SHA512

480d3c896eb39a3236c9cea15af71299fe721579bbc6cd3897169cf76f90c6aae7153ef97aaec4f6a54e2b9c10343fc6f80170d62c53af0649d788fd92277e78
SSDEEP

384:ZSvZAWSUwp/q/tD18QykVj8YrfaLCcY9jBJJWs:ZSuWA+xHykVtraL38TJWs

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe
PID 1072 wrote to memory of 2004	1072	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\test\formsend\u25dts.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$APPDATA\test\formsend\u25dts.dll,#1
2⤵
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...