8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec | Triage

Analysis

max time kernel
1s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:40

Sharing

Report Analysis Logs

General

Target

8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll
Size

3KB
MD5

005106f7588d9e416bb7c66ce3b0a960
SHA1

6d3428acbeba4725bce8b876662b9a10c0b97fd0
SHA256

8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec
SHA512

fa80f73426b88200d17071bc235dfa890792e260b150318175cf6c4560f8e725748cfaaac3da19133d2d499ef003fdca46fca9fc774d02ca33023f58b312d169

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe
PID 1356 wrote to memory of 1052	1356	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f3efd199ac255a69425bee62f00b77600de704b706af63ad92f5b8b075b55ec.dll,#1
2⤵
PID:1052

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-54-0x0000000000000000-mapping.dmp

Download
memory/1052-55-0x0000000074E01000-0x0000000074E03000-memory.dmp

Filesize
8KB

Download