6681062cf15ef8b9535149171a06f66b408b9fa4e788ce8771046c6873a0a35d | Triage

Analysis

max time kernel
55s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:46

Sharing

Report Analysis Logs

General

Target

6681062cf15ef8b9535149171a06f66b408b9fa4e788ce8771046c6873a0a35d.dll
Size

3KB
MD5

3643b7ff545214fcaa35428c6bfe4582
SHA1

9ed4bab47d41e7a285530646b7ee90fa55e93159
SHA256

6681062cf15ef8b9535149171a06f66b408b9fa4e788ce8771046c6873a0a35d
SHA512

dec05b8fe873fab253ac2313bbb3cb3d740b601a65fb1c3bdae66e583b7cfeb33ca2c1a9ca8e3c311937c655343d5c4a54790c70d0c708cf55fbdd641686a43b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe
PID 1120 wrote to memory of 304	1120	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6681062cf15ef8b9535149171a06f66b408b9fa4e788ce8771046c6873a0a35d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6681062cf15ef8b9535149171a06f66b408b9fa4e788ce8771046c6873a0a35d.dll,#1
2⤵
PID:304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/304-54-0x0000000000000000-mapping.dmp

Download
memory/304-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

Filesize
8KB

Download