5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace | Triage

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 23:04

Sharing

Report Analysis Logs

General

Target

5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll
Size

3KB
MD5

442e06cc8de4e42f4537e19893987ab0
SHA1

bc0cb1a1a28735dd5297b034f8a9defbd5ddb18d
SHA256

5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace
SHA512

45949598d749c62a8e835d22a67132850c10061c44e5bf74b83500b71309f4c0b9c8cbf177be189e1290225c4d7aa161518fb5be6dad9ed4837802f1d5f92a3d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27
PID 1484 wrote to memory of 1748	1484	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab586e2a20de428f9b478f22ab718ce64d824c50fe7125a11be4d7efb2faace.dll,#1
  2⤵
  PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1748-56-0x0000000075400000-0x0000000075408000-memory.dmp

Filesize
32KB

Download