f71a408dfb2424f5427aee8da0bd53744369bd768c7170aaf60dba8d3dd11b81 | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-10-2022 10:39

Sharing

Report Analysis Logs

General

Target

f71a408dfb2424f5427aee8da0bd53744369bd768c7170aaf60dba8d3dd11b81.dll
Size

4KB
MD5

743060b38751c083e7851786384fb5cb
SHA1

fc723d3cd05fc8a8eb7ee19041290c42b5140ba8
SHA256

f71a408dfb2424f5427aee8da0bd53744369bd768c7170aaf60dba8d3dd11b81
SHA512

2f91b6d01114dc61a386b9c5792ffac6ecfaaba0dfd35d17befe1680235b2ee78e46ee0de8cbe05812cd489ecb6e2b53673c60351aba06d6ec6f9994432a211a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27
PID 1488 wrote to memory of 1292	1488	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f71a408dfb2424f5427aee8da0bd53744369bd768c7170aaf60dba8d3dd11b81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f71a408dfb2424f5427aee8da0bd53744369bd768c7170aaf60dba8d3dd11b81.dll,#1
  2⤵
  PID:1292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1292-54-0x0000000000000000-mapping.dmp

Download
memory/1292-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download