c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211014
submitted
13/11/2021, 17:36

Sharing

Report Analysis Logs

General

Target

c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d.dll
Size

68KB
MD5

5f5aed43a3ee55f2727f1c1470a6db32
SHA1

7574a3cb7c27bd548e93309b0401e7ce48d22d76
SHA256

c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d
SHA512

a3912fb654538c73c57c9a60b8a67e60b2446f1c5824d068613722a576bdcd26ef8ea121ffb4831b140049cecafd49e6879426dab7312c9e7a7283e9ebd4ae7f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28
PID 1704 wrote to memory of 2044	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c88f8d086be8dd345babad15c76490ef889af7eaecb015f3107ff039f0ed5f2d.dll,#1
  2⤵
  PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-56-0x0000000074F61000-0x0000000074F63000-memory.dmp

Filesize
8KB

Download