20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0 | Triage

Analysis

max time kernel
16s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 16:52

Sharing

Report Analysis Logs

General

Target

20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll
Size

3KB
MD5

162c1da62a123e22ad53989b75ed749a
SHA1

1c6c4240893544f785716dd99f3ceb7ff2cf289e
SHA256

20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0
SHA512

80a4bec83fbf3a582698468a59ded8008356cebc3082dc1d936ea5de2232917ba91746901630d3a55d5bafd35d1497f1b0deb1b527439cd9bbed8ef24162de47

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe
PID 1796 wrote to memory of 1552	1796	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20ee92ab06ef23889c427849cf737538f530f3d631a1f11d2565dedb5cc948f0.dll,#1
2⤵
PID:1552

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-54-0x0000000000000000-mapping.dmp

Download
memory/1552-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download