ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211014
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll
Size

64KB
MD5

f0063ff9d44aa5a3abbf1623cf03055b
SHA1

4ca422db57bd8771daf8e2157a7cfce24a09a1c7
SHA256

ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568
SHA512

ae2967251d55f3057f4f0d37fdf78cf8c7695c18d275577b3aa4a38ca2cba269b9ae2101d3c3c2bd12d70a1b1b9933363826c03f3100bc9e4dc658793f663338

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28
PID 848 wrote to memory of 1040	848	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccd8a0988a8838566db9201af244a400700ae6ab4ee996cf062272c9a4767568.dll,#1
  2⤵
  PID:1040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-56-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download