656d96824f59cbc2ae6d96e0903a6b975135509d5616a0da37763701331b32d9 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-en-20211208
submitted
28-01-2022 20:33

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

d7f90e635d2bc4677f57876f0d948ba4
SHA1

4c728f3d0743f0dbcc9fb616b57a6f3c67109844
SHA256

7435c7e67ce78ffb8455d327f2f83a1c9fd603d55ec9c2923b3cdf72ce9ea176
SHA512

0a87d5916cd9f6c3675bc2abf6c572aaa8ae3376f240228990c70a9ed7aaf74280b76848e46d1b31769382a0e86a1715d114394586cfef2df4db3fd6ea5cbf66

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27
PID 960 wrote to memory of 1032	960	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download