8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 19:20

Sharing

Report Analysis Logs

General

Target

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll
Size

134KB
MD5

58b8d65e848176eb583a88e8d48f413e
SHA1

9ebb541dcb24d564448a6f5e00c613b73eba7148
SHA256

8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c
SHA512

8546e6333040f600051221657d5d345e2a203bda6284537c9d1130c301f0ec6289bda0c85b8bffa9941075eaca429dcef2f8b0811c751b5e7cc980b1b771d92f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27
PID 956 wrote to memory of 1612	956	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8385aa79c0e400d316ca4a418a026558d2fa88e314541900b698d8294b84ca0c.dll,#1
  2⤵
  PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-54-0x0000000075D11000-0x0000000075D13000-memory.dmp

Filesize
8KB

Download