91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563 | Triage

Analysis

max time kernel
17s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 05:26

Sharing

Report Analysis Logs

General

Target

91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll
Size

3KB
MD5

938ac59011bbf38969b18164bc0cfcb0
SHA1

3bf9ccec0a223ad4baed605509c13b818d4a71b3
SHA256

91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563
SHA512

0d0975d2929d6b1a3d2553a6200be4ff8f1f4874dc903951683edcd54b174b4ad097891d68beaae22a58a06d6bbff28e1a48426a7d402aa28444b9689f54a217

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28
PID 2040 wrote to memory of 844	2040	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91fec31342487bf5b16f6ab094cf53ad50498b1421895a46c79851c8b0a1d563.dll,#1
  2⤵
  PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/844-55-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download