c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708 | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-en-20211014
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll
Size

64KB
MD5

22f4fe52068b39774d43a87114236586
SHA1

6b6c060e341fc4d840a29fbeeb20aae395a121e3
SHA256

c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708
SHA512

e9d72149addb5cfae21bbb376c23471fde57f1dd07ae6ab1e3234189f25de6e641781a0c2374ba2231f37abc9b1d7001929b15c672aa0f23fd9eba8e696f73b3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27
PID 1620 wrote to memory of 1584	1620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8f8edd8870c3117cc3e80b54e99576da02fd17a521e4cf85c10185d45b2c708.dll,#1
  2⤵
  PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1584-56-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download