f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97 | Triage

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-en-20211208
submitted
24-01-2022 00:41

Sharing

Report Analysis Logs

General

Target

f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll
Size

164KB
MD5

72b88a31c6bd378ea66698a6ab15f6b8
SHA1

68c791b584b315f491443d3826f209c0e3ab9375
SHA256

f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97
SHA512

6a707908cbd63d14d738dce9c5eb920e3cfd20e2dc90f540b79aaaa52dd79c935fa8569f2f88d09ddeebdfc55874b7e3e9980b0a6d2eb27e10e99335a631a3df

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe
PID 1448 wrote to memory of 1452	1448	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8b0760d39e57a7c89e66ebb3b254a89ec8bea7793511f7ce71994d9a0946d97.dll,#1
2⤵
PID:1452

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1452-54-0x0000000076421000-0x0000000076423000-memory.dmp

Filesize
8KB

Download