92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff | Triage

Analysis

max time kernel
121s
max time network
145s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:01

Sharing

Report Analysis Logs

General

Target

92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff.dll
Size

136KB
MD5

41db0c2202d64e967fd6789f00c576fa
SHA1

9dfce70fded4f3bc2aa50ca772b0f9094b7b1fb2
SHA256

92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff
SHA512

d2624e7a1dbeeab9c47f682389f5244ecc703dbf9cd351e2ffa0b1b79fe786fb533416609cd386c44c5f3e89f38140898a4dbc2af0a308f10987cc3c5ec085ba

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27
PID 1720 wrote to memory of 1552	1720	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff.dll,#1
  2⤵
  PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download