865332b82dd29d3f6a4d7f9ab93ea67eec3e3e038501ce77f25b6d4f8b154c2f | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 06:23

Sharing

Report Analysis Logs

General

Target

865332b82dd29d3f6a4d7f9ab93ea67eec3e3e038501ce77f25b6d4f8b154c2f.dll
Size

3KB
MD5

033363a3998218ec1bb35983bc2628af
SHA1

fa96e9cf2eb4ac729ec4b960f523beb479d2c002
SHA256

865332b82dd29d3f6a4d7f9ab93ea67eec3e3e038501ce77f25b6d4f8b154c2f
SHA512

cf53a2da15221b1c16ca8f3639ca6ee20075f7ba47517dac2c3bde2488cbcd95e6a078516f9c78e7ae6cd33a7582208701126c35a84509e756c9037fb40f0601

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27
PID 2028 wrote to memory of 1388	2028	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\865332b82dd29d3f6a4d7f9ab93ea67eec3e3e038501ce77f25b6d4f8b154c2f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\865332b82dd29d3f6a4d7f9ab93ea67eec3e3e038501ce77f25b6d4f8b154c2f.dll,#1
  2⤵
  PID:1388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-55-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download