7d9459b7a381c02c09497d79c69386dd75b78da09f94751d1e0c6a0f1d8c308d | Triage

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 20:03

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

19d571a3e1bb0b7993e8c8b9b6f1d53e
SHA1

abb3a53dbe1662f9b98180b7ea829001915fbd79
SHA256

e82ce6aad0737d75608cb636348a9d80f8410c257d7a7a60ca4a4b5a4a6f4cea
SHA512

f479d428490a6fcd8fff266acb2ecccd208d03b67287a3dab961253f8725877b62b484a96ca82f812ed9698a1568be4fc33d2c59b8548073a0c0ae948c3163c8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27
PID 1872 wrote to memory of 520	1872	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download