fc92fb7a0c24e9d061036f2ac439e93bd1817cd0d56229e83dad37608dbaf03d | Triage

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 11:37 UTC

Sharing

Report Analysis Logs

General

Target

fc92fb7a0c24e9d061036f2ac439e93bd1817cd0d56229e83dad37608dbaf03d.dll
Size

4KB
MD5

a2a685512fb28e39ce249bf0522cf280
SHA1

ad9eab0977b884aa94317a5d08b35c40f1d3c217
SHA256

fc92fb7a0c24e9d061036f2ac439e93bd1817cd0d56229e83dad37608dbaf03d
SHA512

841416d846bd5270b98a854872c01ac94d2e3e79f643408429e1d3d22da47f6aeccab7d50f8b1c100e0dfe4090a2441b365d484b8e62e8c84981cebbb27ba52f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28
PID 1996 wrote to memory of 1364	1996	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc92fb7a0c24e9d061036f2ac439e93bd1817cd0d56229e83dad37608dbaf03d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc92fb7a0c24e9d061036f2ac439e93bd1817cd0d56229e83dad37608dbaf03d.dll,#1
  2⤵
  PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1364-55-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download