0d933f003b78994b9d3d0f0f6b05c3eb0ef64828eafa6e7419ecac106dba62ca | Triage

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 18:06

Sharing

Report Analysis Logs

General

Target

0d933f003b78994b9d3d0f0f6b05c3eb0ef64828eafa6e7419ecac106dba62ca.dll
Size

3KB
MD5

0d0fc15ed5d32e6b313b2b2b4c52d3b9
SHA1

ee4262c6927e6439e9a9bafe778f69b844bc6e7e
SHA256

0d933f003b78994b9d3d0f0f6b05c3eb0ef64828eafa6e7419ecac106dba62ca
SHA512

90e56eb40f104d3952e2d143b9a53fe7e5895948eddedb3b2d18ec35cc7161b54a6e4036c86252c38a139dabba335c6ab2afc30f02ae6b3520c13c11d8f24d66

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d933f003b78994b9d3d0f0f6b05c3eb0ef64828eafa6e7419ecac106dba62ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d933f003b78994b9d3d0f0f6b05c3eb0ef64828eafa6e7419ecac106dba62ca.dll,#1
  2⤵
  PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/928-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download