f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7 | Triage

Analysis

max time kernel
41s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:02

Sharing

Report Analysis Logs

General

Target

f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll
Size

3KB
MD5

369ae2d44ddad29298c7fc5c8571cfe9
SHA1

1a184415a54aeb97020db9dd5666212634b62cf7
SHA256

f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7
SHA512

d75bd12c8b65169c271b6172da07c2baef285ce86e961f3a2eecceb2a34a94f1aba5fe3b5d5a5a31c66da02a057727302ef444d03cf51bb7e34c7d71a8053842

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe
PID 1628 wrote to memory of 572	1628	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1628

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83cc8890370756d28c3c0370a4716d79a24e0fd442a09185ea9bde933fae1e7.dll,#1
2⤵
PID:572

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/572-54-0x0000000000000000-mapping.dmp

Download
memory/572-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download