2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9 | Triage

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-en-20211104
submitted
13-11-2021 17:35

Sharing

Report Analysis Logs

General

Target

2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll
Size

64KB
MD5

f9e519f958184c4e2150c7828bb1efea
SHA1

cc64a670ded14c941ae690f59c47fa2abe3858c1
SHA256

2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9
SHA512

eb3d690a61f90908605780042acaf21d32c0a37973a0c74da5ad27b64fa99f9905a95e7b2cc33d1e553739d3d30e684d7f246201b335947ff65351d3ff4f4ec4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28
PID 672 wrote to memory of 472	672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2532083859417ec55d85a2412a678c2ff3219d473e6abfca158e4bc75ef8c8b9.dll,#1
  2⤵
  PID:472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/472-56-0x0000000076A21000-0x0000000076A23000-memory.dmp

Filesize
8KB

Download