7fb112c3da88d1cec6b56d4503337efc9a55210736c25f6e5a59811ad5846f9b | Triage

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-10-2022 10:20

Sharing

Report Analysis Logs

General

Target

9b0000.dll
Size

43KB
MD5

20ebc4efde4da88e146c8e4246f42a5d
SHA1

9dc0793afe5d962bd73be2954dbbe000386f96c6
SHA256

7fb112c3da88d1cec6b56d4503337efc9a55210736c25f6e5a59811ad5846f9b
SHA512

c6a80277fd5d90fb32915a3e4d8fc3cdee1f931fd7c32d59b301acaa3db872adc0615222629925245d1501fa331a05d260a929f3e8f7b1766861d768e67fb1a2
SSDEEP

768:6TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiLU8MZXFlkq9k7:6TmE+L5AkTixchBOKinCZ3eGMU8MZTRe

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe
PID 1960 wrote to memory of 1832	1960	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b0000.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b0000.dll,#1
  2⤵
  PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-54-0x0000000000000000-mapping.dmp

Download
memory/1832-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download