8479a563fcf0227f15823e4a48cce973f2780ff5a5bf8330794d26c5b5575abc | Triage

Analysis

max time kernel
39s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 02:04

Sharing

Report Analysis Logs

General

Target

8479a563fcf0227f15823e4a48cce973f2780ff5a5bf8330794d26c5b5575abc.dll
Size

3KB
MD5

64bdce5ae0ebfac37f24acecc6adf742
SHA1

7d10db6a31f47cfe2d46cbedb478d300d2c3bff3
SHA256

8479a563fcf0227f15823e4a48cce973f2780ff5a5bf8330794d26c5b5575abc
SHA512

ff2910d14e812caac31eef78f708d5ed488c482c859fc5cbc8aa085b9c4166cf8d36d77e304f1e97e27c447db9431766b31aea15e05da95fff36b869863eb210

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27
PID 944 wrote to memory of 1436	944	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8479a563fcf0227f15823e4a48cce973f2780ff5a5bf8330794d26c5b5575abc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8479a563fcf0227f15823e4a48cce973f2780ff5a5bf8330794d26c5b5575abc.dll,#1
  2⤵
  PID:1436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1436-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download