7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4 | Triage

Analysis

max time kernel
133s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
08-04-2022 16:00

Sharing

Report Analysis Logs

General

Target

7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4.dll
Size

1.7MB
MD5

75730ffc39fa5b5936a1b4b0d36522bb
SHA1

fc91a976e6948f37e71645f4c0d112e16d8e013f
SHA256

7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4
SHA512

cd5568265ce27d1c7b9825636fd3089e68e0702b399983910d37bebe4b0c76eccfd4faed9a00f0dd8190f0cdc5af94b2068cf679139bffa7b17c39d7124dd860

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1164 wrote to memory of 1436	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1436	1164	rundll32.exe	rundll32.exe
PID 1164 wrote to memory of 1436	1164	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1164

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fa3abc229fd3cb9a0a6f07d9da15e35528c630d0ad5902d5422b305cae7eaa4.dll,#1
2⤵
PID:1436

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1436-130-0x0000000000000000-mapping.dmp

Download
memory/1436-131-0x00000000023E0000-0x000000000258E000-memory.dmp

Filesize
1.7MB

Download