0f7ca81ab1f1f3cd1366ad3e5b7b1892fc60f4457fd2be54d70c6af8997f58ba | Triage

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 13:24

Sharing

Report Analysis Logs

General

Target

0f7ca81ab1f1f3cd1366ad3e5b7b1892fc60f4457fd2be54d70c6af8997f58ba.dll
Size

3KB
MD5

91bb0a62f0ac06b29328fd9081c50031
SHA1

c75d56538c680524ad27a3f92c8899d9fd43b6bf
SHA256

0f7ca81ab1f1f3cd1366ad3e5b7b1892fc60f4457fd2be54d70c6af8997f58ba
SHA512

e6db216247a14ee3e351f6d284b92f7e22acdf5a2cb3ea18f743c34bf1a35471bba010c8a60c18590a7e019fb32f656cd7502f253658b29796fa7c673a0e972f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27
PID 904 wrote to memory of 1364	904	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f7ca81ab1f1f3cd1366ad3e5b7b1892fc60f4457fd2be54d70c6af8997f58ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f7ca81ab1f1f3cd1366ad3e5b7b1892fc60f4457fd2be54d70c6af8997f58ba.dll,#1
  2⤵
  PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1364-54-0x0000000000000000-mapping.dmp

Download
memory/1364-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download