c4a1b93d9e3631cbb0ae32d9699e60bcc8b0e16ad206a438cbd993d747e7aa26 | Triage

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 02:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c4a1b93d9e3631cbb0ae32d9699e60bcc8b0e16ad206a438cbd993d747e7aa26.dll
Size

3KB
MD5

401c8f8c51eefe7be995296bff882f6c
SHA1

ff710de69f59b05954bac1550bae5af5e79cd1d1
SHA256

c4a1b93d9e3631cbb0ae32d9699e60bcc8b0e16ad206a438cbd993d747e7aa26
SHA512

e6a118423a9b5f9ed05b5954bea32d68934359c3cbfe07af36f2d4765da178394c98c437ff4c6a7c9b9be9844e0a2a3020d0da5f47cb7a7c625f606af07c5f80

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27
PID 2032 wrote to memory of 2016	2032	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4a1b93d9e3631cbb0ae32d9699e60bcc8b0e16ad206a438cbd993d747e7aa26.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4a1b93d9e3631cbb0ae32d9699e60bcc8b0e16ad206a438cbd993d747e7aa26.dll,#1
  2⤵
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download