89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6 | Triage

Analysis

max time kernel
63s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:22

Sharing

Report Analysis Logs

General

Target

89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll
Size

3KB
MD5

3568cbf50c7cb003419ae7306a36922f
SHA1

95c03603518ea8c2ddcdc1834703cc384f723e50
SHA256

89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6
SHA512

595f59bc10012c6a03853fac17984bea94a621aa30144053c5338573b55c561148610e2754393a2858d5c0df62424a3c6bb98cf6c01879d35b7864e241fd8db0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe
PID 280 wrote to memory of 436	280	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:280

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89e68464bd45d602c9312a38a590d46fc8a1c66ed4faf3fdb28ef37bfe724bc6.dll,#1
2⤵
PID:436

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/436-54-0x0000000000000000-mapping.dmp

Download
memory/436-55-0x0000000075EC1000-0x0000000075EC3000-memory.dmp

Filesize
8KB

Download