ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8 | Triage

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 12:40

Sharing

Report Analysis Logs

General

Target

ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll
Size

6KB
MD5

1cd6aba7a98a884da1b038bb5d74071d
SHA1

a113d6af994fdd81c70b9cf5b8a3f11819c7c568
SHA256

ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8
SHA512

be08ebed96c90640d5e90e7ab43c29e5c0ba4a0a7c16c6db10ae3de4b84f27e5347170a97cfa99fa9493f42fd3ea32c79f437fabd9fb1dc0bd2292d882f3f7e8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27
PID 1268 wrote to memory of 1292	1268	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8.dll,#1
  2⤵
  PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-55-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download