87058836bd1c2c7a428ae4a3b4729035dab25795fe4da55b3f5793cc115c611a | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:55

Sharing

Report Analysis Logs

General

Target

87058836bd1c2c7a428ae4a3b4729035dab25795fe4da55b3f5793cc115c611a.dll
Size

68KB
MD5

42aaa953a06706c56f64cb9f6d270677
SHA1

c27147895cc156862e5bf4d29e434f2fffc28a81
SHA256

87058836bd1c2c7a428ae4a3b4729035dab25795fe4da55b3f5793cc115c611a
SHA512

a52e9b8718c7abc574a982b75c3ca7a7f6a5aac438ab0de8694060f72ca42b8c639b359d6d3ddb1b40d0a65066b1368f9514bcf35423f593a23bcf706865f6e9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27
PID 1580 wrote to memory of 1576	1580	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87058836bd1c2c7a428ae4a3b4729035dab25795fe4da55b3f5793cc115c611a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87058836bd1c2c7a428ae4a3b4729035dab25795fe4da55b3f5793cc115c611a.dll,#1
  2⤵
  PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-54-0x00000000754B1000-0x00000000754B3000-memory.dmp

Filesize
8KB

Download