a3265959a63d8baf8fecc3d6de9cb5ee962655abcfc1d2831575f1e92c9a7cb3 | Triage

Analysis

max time kernel
16s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 21:42

Sharing

Report Analysis Logs

General

Target

a3265959a63d8baf8fecc3d6de9cb5ee962655abcfc1d2831575f1e92c9a7cb3.dll
Size

3KB
MD5

0411ddfab934dcd4cef34a0afccecfd6
SHA1

5b1f39ab230d6dbe48ca516c9cb099b81cbc6fce
SHA256

a3265959a63d8baf8fecc3d6de9cb5ee962655abcfc1d2831575f1e92c9a7cb3
SHA512

16369cfe0d386724616e37e3636c20fdebb93e437603751364507c9903c76e4935835422925758d8509087373cf05e3037923c36fcb2fde037180e3652c9e60d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27
PID 1940 wrote to memory of 1492	1940	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3265959a63d8baf8fecc3d6de9cb5ee962655abcfc1d2831575f1e92c9a7cb3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3265959a63d8baf8fecc3d6de9cb5ee962655abcfc1d2831575f1e92c9a7cb3.dll,#1
  2⤵
  PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download