8b4830fc017e04a6d6b7740aee3a47e4ffcdd5e26b8d4743639a3801605b453e | Triage

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 00:44

Sharing

Report Analysis Logs

General

Target

8b4830fc017e04a6d6b7740aee3a47e4ffcdd5e26b8d4743639a3801605b453e.dll
Size

4KB
MD5

a2bb811a1c9df17cc0ee22a8ff3eab57
SHA1

d62d80e022aa5ba7b9580811aa4063a08e522bee
SHA256

8b4830fc017e04a6d6b7740aee3a47e4ffcdd5e26b8d4743639a3801605b453e
SHA512

1e1929e5c86de884bd0806cecf6ba07092650969c442fecd3f1478efd304bf97479f7acb728dcc689d56314684496b1d919e2fa38b4a683195350720e9a4eb3a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26
PID 1148 wrote to memory of 1984	1148	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b4830fc017e04a6d6b7740aee3a47e4ffcdd5e26b8d4743639a3801605b453e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b4830fc017e04a6d6b7740aee3a47e4ffcdd5e26b8d4743639a3801605b453e.dll,#1
  2⤵
  PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1984-54-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x0000000075041000-0x0000000075043000-memory.dmp

Filesize
8KB

Download