c12672108af8a9817b240f11bb4f69a51dfd9ae4fa2c9ca13e6a664f1d2d1fa8 | Triage

Analysis

max time kernel
41s
max time network
149s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 02:04

Sharing

Report Analysis Logs

General

Target

c12672108af8a9817b240f11bb4f69a51dfd9ae4fa2c9ca13e6a664f1d2d1fa8.dll
Size

3KB
MD5

737cde717e629f9450ccb42a34fddc70
SHA1

f122e9b3a5ce44737bbc66f43a8ae09dad91f76e
SHA256

c12672108af8a9817b240f11bb4f69a51dfd9ae4fa2c9ca13e6a664f1d2d1fa8
SHA512

9481c18828087257135d87573b9ff584e543f8aa74f7697fb974960c0c09c070d28a027e3f416fa2a5120065249fd6febef19875ba5e63f7858a2dbcc52ae982

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26
PID 1184 wrote to memory of 964	1184	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c12672108af8a9817b240f11bb4f69a51dfd9ae4fa2c9ca13e6a664f1d2d1fa8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c12672108af8a9817b240f11bb4f69a51dfd9ae4fa2c9ca13e6a664f1d2d1fa8.dll,#1
  2⤵
  PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000000000000-mapping.dmp

Download
memory/964-55-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download