92b4221480457eb3948f821d30be21f20c46944bd9d520ed5be1b5759ae2a2fd | Triage

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 12:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92b4221480457eb3948f821d30be21f20c46944bd9d520ed5be1b5759ae2a2fd.dll
Size

4KB
MD5

93790f1404ec3c02f64175e3ef37a342
SHA1

ce7ceb8f6d7b93f116cbfbdedffc745adf28d298
SHA256

92b4221480457eb3948f821d30be21f20c46944bd9d520ed5be1b5759ae2a2fd
SHA512

5b16a07e4dde790bf7c52569af137cc11cca874ebf935246b7d2c92a6023b06b86d597a1d44af42fe4302ce84538acba301d30a58790be58b2a2ff8b5be9ffbf

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26
PID 1352 wrote to memory of 1528	1352	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92b4221480457eb3948f821d30be21f20c46944bd9d520ed5be1b5759ae2a2fd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92b4221480457eb3948f821d30be21f20c46944bd9d520ed5be1b5759ae2a2fd.dll,#1
  2⤵
  PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1528-55-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download