717c6ba0f1c3ddbb2662cbd9cdb36d8156bf35fffd5a2ae60899c467aa51fc98 | Triage

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 20:18

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

7f78ae69844211d99f7ea7817a42e144
SHA1

2e1da4e8722535502c2d21370bcca8d2aa52c5b5
SHA256

eea2d44c5b5b3f9f743f9053d5cdd66f8d890983e499231a8dfa2712502d9b25
SHA512

eb5d09463f773ecb63db2d11742ae2885665127687a14ba2eee6ba40caeb3c81345e682730a64dd7044e1b1465d5cca904fc2ce6b2ae9afc3b9b931deaa102a3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27
PID 1212 wrote to memory of 1740	1212	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-55-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download