f8f3812fda1d0d0d729de1e37d310a66df34b8e638dcb5da4ca2605dbb4db57e | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 05:58

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/BgImage.dll
Size

7KB
MD5

2d5f40ddc34e9dc8f43b5bf1f61301e3
SHA1

5ed3cd47affc4d55750e738581fce2b40158c825
SHA256

785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143
SHA512

605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e
SSDEEP

96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe
PID 2280 wrote to memory of 2264	2280	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2280

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
2⤵
PID:2264

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...