86c6d9d05d81a781123c5dda448f74a74959c512809fa7158a427cb297f34776 | Triage

Analysis

max time kernel
37s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 06:23

Sharing

Report Analysis Logs

General

Target

86c6d9d05d81a781123c5dda448f74a74959c512809fa7158a427cb297f34776.dll
Size

3KB
MD5

3244bf055db28a08c4dbd9549764dbe7
SHA1

27ab2950b50577757df2490c5c771f259fc113e2
SHA256

86c6d9d05d81a781123c5dda448f74a74959c512809fa7158a427cb297f34776
SHA512

270075c2f753f7bb290a1af0d3f80b6eb33ec298c5fa2d57cebc9676fb32621ccc97605ad073f9469cf7ddfd5053c90df26588def14c78e609bee18f661ab13f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28
PID 1980 wrote to memory of 1976	1980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86c6d9d05d81a781123c5dda448f74a74959c512809fa7158a427cb297f34776.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86c6d9d05d81a781123c5dda448f74a74959c512809fa7158a427cb297f34776.dll,#1
  2⤵
  PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-55-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download