881cdbcb96d1318568ea04c31a1a88bcd0a79a1a92a204384c189747217c2fca | Triage

Analysis

max time kernel
41s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 20:40

Sharing

Report Analysis Logs

General

Target

881cdbcb96d1318568ea04c31a1a88bcd0a79a1a92a204384c189747217c2fca.dll
Size

3KB
MD5

8348026152def93016342cf7fa7f6a8f
SHA1

36f8b604ac9bb93e33b4e7819d6caa1d3b0b96db
SHA256

881cdbcb96d1318568ea04c31a1a88bcd0a79a1a92a204384c189747217c2fca
SHA512

bd02ba042faf1ea11c8fa31c88224b4c5652b45ba93d62c68c02c51fbf2aa22849e1546c7e56205ccdec914556306710a90720c8b61ef96d5d875cf967da7914

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27
PID 1288 wrote to memory of 944	1288	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\881cdbcb96d1318568ea04c31a1a88bcd0a79a1a92a204384c189747217c2fca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\881cdbcb96d1318568ea04c31a1a88bcd0a79a1a92a204384c189747217c2fca.dll,#1
  2⤵
  PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-55-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download