8625fa4faf4ea7442837a84e75cc38611c8b1e8607fb626c646c6de4266d1426 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:40

Sharing

Report Analysis Logs

General

Target

8625fa4faf4ea7442837a84e75cc38611c8b1e8607fb626c646c6de4266d1426.dll
Size

3KB
MD5

1510ce11724bb5054a96e3d97c77cf00
SHA1

3a02d22d71b65b2d84bf024987cd7895c708eb88
SHA256

8625fa4faf4ea7442837a84e75cc38611c8b1e8607fb626c646c6de4266d1426
SHA512

39b92c016e2a33592c17b4f677ce418bce523b8c5fd720ddc556d75b78311a05d2bf28eb5fd46fffb1aaf942483d4fc4ed5a6caa0949c8fd41a1ed75bd9c73be

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe
PID 1740 wrote to memory of 1284	1740	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8625fa4faf4ea7442837a84e75cc38611c8b1e8607fb626c646c6de4266d1426.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8625fa4faf4ea7442837a84e75cc38611c8b1e8607fb626c646c6de4266d1426.dll,#1
2⤵
PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-54-0x0000000000000000-mapping.dmp

Download
memory/1284-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download