bbc569969354cc2d323388babe78dda3fede4962ca83bd56cedf83ce0c26a73b | Triage

Analysis

max time kernel
37s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:52

Sharing

Report Analysis Logs

General

Target

bbc569969354cc2d323388babe78dda3fede4962ca83bd56cedf83ce0c26a73b.dll
Size

3KB
MD5

257d278aa7290e2e6f78e132fe67552b
SHA1

4bc46b1143fe3de8327c7a31ba22937bd3746054
SHA256

bbc569969354cc2d323388babe78dda3fede4962ca83bd56cedf83ce0c26a73b
SHA512

8e53370d0fc2cad08182e109e564bfa468c2ce925969e66112e6a1b4f311832e29d5e72eb10e00dd63c9a930a95e64a97c8a30b5c9ca67cdd7e2ab28380ab7a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 1744	1620	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbc569969354cc2d323388babe78dda3fede4962ca83bd56cedf83ce0c26a73b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbc569969354cc2d323388babe78dda3fede4962ca83bd56cedf83ce0c26a73b.dll,#1
2⤵
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download