98e529ed7347695086e585fd901ac029b5d6cd2bbd7bf7cdd709d7888591224d | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 04:52

Sharing

Report Analysis Logs

General

Target

98e529ed7347695086e585fd901ac029b5d6cd2bbd7bf7cdd709d7888591224d.dll
Size

3KB
MD5

80bf42065937481d5b969f082a2016b0
SHA1

64f348f59e1dc955acf7fec0b6e76fdae7e1c7ce
SHA256

98e529ed7347695086e585fd901ac029b5d6cd2bbd7bf7cdd709d7888591224d
SHA512

d022d83bf82f839fe1de36bc756f11bb5ba23b5fef6fd135949e836424a88e8ecf1f41b359ebd89570b71749bda8e991db34c1345860ded05177bd8b1ea02d0d

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28
PID 1960 wrote to memory of 1488	1960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98e529ed7347695086e585fd901ac029b5d6cd2bbd7bf7cdd709d7888591224d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98e529ed7347695086e585fd901ac029b5d6cd2bbd7bf7cdd709d7888591224d.dll,#1
  2⤵
  PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download