fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 09:58

Sharing

Report Analysis Logs

General

Target

fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c.dll
Size

136KB
MD5

0079a697b8acbb0aa35f9f662f38debe
SHA1

e2b64333e4d4d9bf3eed1a7b5bf701eb6e4ad77e
SHA256

fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c
SHA512

5eb2a2045d0215f0f4c15505638b046e84db1a497e0c77e022938945b5f20ef238a50084b1ebcbe02c2425f7d8983650269f2729c6b5d41de12875539764c4f2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27
PID 1636 wrote to memory of 1656	1636	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4f6b5212168af58a40adbb2bd8df08f55bfb2f76d8f7858105457e7384276c.dll,#1
  2⤵
  PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1656-55-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download