59d35f02d2c7c3dd328ca8901bea2fdc015d37f984216760c31ff51d10f9dec2 | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 14:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

59d35f02d2c7c3dd328ca8901bea2fdc015d37f984216760c31ff51d10f9dec2.dll
Size

3KB
MD5

518cb7572b36682e8898d3295687e080
SHA1

b1bd3a8255130bd4a9be56af426f7b759a56c214
SHA256

59d35f02d2c7c3dd328ca8901bea2fdc015d37f984216760c31ff51d10f9dec2
SHA512

1e6ccc0f7902bf8ceaf1b07ba8a292681dafb3ac62d4c1b7cfcf61b5088c50be6a957df8369144e5641add95fb6d7d1c05208c4ad11004ba535d2793c6a8a5da

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27
PID 1512 wrote to memory of 1360	1512	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d35f02d2c7c3dd328ca8901bea2fdc015d37f984216760c31ff51d10f9dec2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d35f02d2c7c3dd328ca8901bea2fdc015d37f984216760c31ff51d10f9dec2.dll,#1
  2⤵
  PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1360-55-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download