a0ab1b3896f9698faf31bd835cab6992b1155d49afd872ff226bd44802328eb9 | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 00:51

Sharing

Report Analysis Logs

General

Target

a0ab1b3896f9698faf31bd835cab6992b1155d49afd872ff226bd44802328eb9.dll
Size

4KB
MD5

35c80316e8a05fd16d6a05406176c5b2
SHA1

f21fd0491a666ae80c3918e1931347a1e215171a
SHA256

a0ab1b3896f9698faf31bd835cab6992b1155d49afd872ff226bd44802328eb9
SHA512

54e9ae2ac7c9f302f44dcd6c47c1d3c4bd8b93f37c44ceb799ea18190591eedaad7313a0c3fe663f14b959a116e0b5f6f0378f383189e449d982fdd6224f1e4f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27
PID 1084 wrote to memory of 1652	1084	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ab1b3896f9698faf31bd835cab6992b1155d49afd872ff226bd44802328eb9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ab1b3896f9698faf31bd835cab6992b1155d49afd872ff226bd44802328eb9.dll,#1
  2⤵
  PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download