a7b83a87772511641557b1ace41c478ecf6f1be0e1585cf6ce170cbaab16d6bb | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
01/02/2022, 09:33

Sharing

Report Analysis Logs

General

Target

a7b83a87772511641557b1ace41c478ecf6f1be0e1585cf6ce170cbaab16d6bb.dll
Size

274KB
MD5

923eae42dfe4b8b5a1ed209b67388148
SHA1

3f363713fb4acbab10d5da466b128962fb7cbb11
SHA256

a7b83a87772511641557b1ace41c478ecf6f1be0e1585cf6ce170cbaab16d6bb
SHA512

00fd925b9ce9b73135d585df473923c47e93a1a392400ee49b7ed0cae7259aa009da8f795298268c30d7d12503753bdf4f1988d2965419f644f7623fcfd9faf0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27
PID 868 wrote to memory of 1480	868	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7b83a87772511641557b1ace41c478ecf6f1be0e1585cf6ce170cbaab16d6bb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7b83a87772511641557b1ace41c478ecf6f1be0e1585cf6ce170cbaab16d6bb.dll,#1
  2⤵
  PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1480-54-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1480-55-0x0000000074C80000-0x0000000074CC7000-memory.dmp

Filesize
284KB

Download