eceff5fdbf4969092be73035afe1d5f6d16fa23bce62fe32fc83945763233a95 | Triage

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 17:39

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

1ab1fa6da7667a3b6fc70e45578af6fd
SHA1

92b17805e04692960ab0dd55d445a4a345b614ee
SHA256

fe1d6f3fd54fc60470eea39dc40685c0e8e0ef4fad3cdd20fc62b095e313491f
SHA512

2b625409f9ecf05095a6b59018156905db03db5c6991068fab4aef33f50d31f9ea2b5c77cd712ce4431f43296d8acf55314e16309875ba938015b942924d8a1a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27
PID 1608 wrote to memory of 1744	1608	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-55-0x00000000763B1000-0x00000000763B3000-memory.dmp

Filesize
8KB

Download