9d2d58b77e21869a6aa4d968d715098dd64dc268f250cbf519c8071d83ab4242 | Triage

Analysis

max time kernel
40s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 01:10

Sharing

Report Analysis Logs

General

Target

9d2d58b77e21869a6aa4d968d715098dd64dc268f250cbf519c8071d83ab4242.dll
Size

3KB
MD5

08d5e7a970339732a9f713f361b0a7d0
SHA1

b47857aa9d9fcfd74fed20dd270b62a1967b8936
SHA256

9d2d58b77e21869a6aa4d968d715098dd64dc268f250cbf519c8071d83ab4242
SHA512

aa5a4acb5d326eee4d8afd954d1d6622cee09f428100135b726abfdb2e6c314618d7b4bf37ec3a8047e29e8bf129da8e2ef5abbdf6b3d88e3e83a3960c755786

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27
PID 916 wrote to memory of 980	916	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d2d58b77e21869a6aa4d968d715098dd64dc268f250cbf519c8071d83ab4242.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d2d58b77e21869a6aa4d968d715098dd64dc268f250cbf519c8071d83ab4242.dll,#1
  2⤵
  PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-55-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download