f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02 | Triage

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 14:20

Sharing

Report Analysis Logs

General

Target

f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll
Size

3KB
MD5

64eac25ab93581f842c0abf789483cd0
SHA1

b6684804853050c53a0c517995e68dac1381d2c7
SHA256

f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02
SHA512

c7bb0a84dcdb76a009aa34cea3146b8a50d8cf16932e1362223bbbaa6ec7bcb6cefbbf1a11d7f4bf4bbdb88489abf6715e5e229b69d88809af1afd9dda651366

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26
PID 1992 wrote to memory of 1980	1992	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f115d5f65a8a5092087c81a4f646c278b66073d7168fc54f5c76d1f79db7ee02.dll,#1
  2⤵
  PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-55-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download