0d2561c8acd195ab5a88c9a8956e31ccc5e8c5cede2c88e10e744c9f00940274 | Triage

Analysis

max time kernel
21s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 13:25

Sharing

Report Analysis Logs

General

Target

0d2561c8acd195ab5a88c9a8956e31ccc5e8c5cede2c88e10e744c9f00940274.dll
Size

3KB
MD5

82a8dbca166631e00885771ea40e196e
SHA1

6590ca5654ba81b1a1f01b3326508ac3f1d2723f
SHA256

0d2561c8acd195ab5a88c9a8956e31ccc5e8c5cede2c88e10e744c9f00940274
SHA512

f9feb8ce3a00994fce8c22e046e7ed11ed5873001e849ecfa361d79798397baecdcfc47ea8c690a45378e6aaadd0c0716b91174a100b94611349261b6c07e2c3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27
PID 692 wrote to memory of 1668	692	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d2561c8acd195ab5a88c9a8956e31ccc5e8c5cede2c88e10e744c9f00940274.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d2561c8acd195ab5a88c9a8956e31ccc5e8c5cede2c88e10e744c9f00940274.dll,#1
  2⤵
  PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-55-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download