c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c | Triage

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 12:40

Sharing

Report Analysis Logs

General

Target

c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll
Size

6KB
MD5

f2ba03482cd57eef76f80554374f8a5c
SHA1

417560cea970e841fa0d83db73f2e894fa4d261c
SHA256

c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c
SHA512

925a08250e459adbcdf7e4753bfcae44ee03be04f3d6da698e2c3c18f6777dafa5229307f1fb7acf2428576c36ac64fbba2a9e7686f8e3822219ad0932eaa974

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe
PID 1220 wrote to memory of 1412	1220	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62217c3d731798ffd5eeabf66cd214ba2ab7ebc1d4074ebc757928623deb18c.dll,#1
2⤵
PID:1412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1412-54-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download