af3c91fd79086852fefecf5a0e5a2899399220c2480e1759ac7c94b50eaa1f8a | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 10:00

Sharing

Report Analysis Logs

General

Target

af3c91fd79086852fefecf5a0e5a2899399220c2480e1759ac7c94b50eaa1f8a.dll
Size

164KB
MD5

f0b18f99eff5ed504f843959d436d44f
SHA1

d6d96bf838a9416227644c18713f87b5b998ebc5
SHA256

af3c91fd79086852fefecf5a0e5a2899399220c2480e1759ac7c94b50eaa1f8a
SHA512

b9ce721473c5eddc37a6d6f5b17af93b745a2a4ad9f4ea267d1e795d44ba4ffb018660ecd375ca99907c1f15ff84e2e39668500edc1fd321e6d7d5e1ba47e66e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27
PID 964 wrote to memory of 304	964	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af3c91fd79086852fefecf5a0e5a2899399220c2480e1759ac7c94b50eaa1f8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af3c91fd79086852fefecf5a0e5a2899399220c2480e1759ac7c94b50eaa1f8a.dll,#1
  2⤵
  PID:304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/304-55-0x00000000762C1000-0x00000000762C3000-memory.dmp

Filesize
8KB

Download