2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48 | Triage

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 18:37

Sharing

Report Analysis Logs

General

Target

2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll
Size

134KB
MD5

ad7b4feba1bc01cdc6a6dff64ebe468c
SHA1

bd26238fb7d7e16ea79073d882bba00d34dd859c
SHA256

2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48
SHA512

e9a9b4213125b11332e10598ff99d5b2304098f0dc742af4f948abd74506a668cbe0e271ea37ca9b1acbc6e410d5236de100ffbadf869137112cb5a6b7a42b96

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27
PID 1404 wrote to memory of 1288	1404	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2aa995b0a818fa730f176f261b23dab7a32d49de598ad7dbb35f913a1fa4bd48.dll,#1
  2⤵
  PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download