05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152 | Triage

Analysis

max time kernel
42s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 10:01

Sharing

Report Analysis Logs

General

Target

05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll
Size

4KB
MD5

74d0d1a45bc8ee620e13b127581cb0ce
SHA1

ff8636c9987c4f6354831f2fa8179610701826f0
SHA256

05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152
SHA512

a8e24e367cab962d171b8ab9c837daadf9538bd073dd70609d0e6bddbeccd7af6789d21a7c3afee838b40b19d9ee68f1186a7998d1e7ccc75ef055c10674562a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27
PID 1276 wrote to memory of 620	1276	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll,#1
  2⤵
  PID:620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/620-55-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download