492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54 | Triage

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:04

Sharing

Report Analysis Logs

General

Target

492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll
Size

3KB
MD5

3760ec2244f60eab502ecea56a5d3983
SHA1

3f9ec576d1b6438cf15f95713290af5fc375c802
SHA256

492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54
SHA512

42898e5b184b90d69a94bde5fd273f25a982c2ec4284d7891895264afda0a79824a8e91eebd972053e1feecf3c8a91d39d4eef00e40977f52ca8cbbab81755f3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe
PID 1676 wrote to memory of 1380	1676	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\492b70ad7161b781d35e66373313575fe24a65a0384bbd5adf410c3da4d61c54.dll,#1
2⤵
PID:1380

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1380-54-0x0000000000000000-mapping.dmp

Download
memory/1380-55-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download