afe097293167e1c01714ce97354dc93e5320df95726257e4812a639ddbf6bbb9 | Triage

Analysis

max time kernel
26s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 07:47

Sharing

Report Analysis Logs

General

Target

isilk.dll
Size

79KB
MD5

c748b01a4025b120a0ca66a14220aacd
SHA1

c401dc1ffd31f8fa6b31bb3be919b17e750f4ed4
SHA256

40c14030a0efa65c4ad73871de589ab6808a91d8b72b3ee26b332f22fdc85715
SHA512

7ad53a2f8ac47732c65430a51dc7e1d82d3166d3377032d85e089aec5d21b1edff71a25c9d1ead2db78ed35c71e08104730e5228c4215f37329562f6dd98c3df
SSDEEP

1536:6ZlB61nPNv+JbedvHXH1Oyxi+4/yOZdZLaDow:cB6gbedvHXH1LxiByOZdID

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28
PID 1688 wrote to memory of 964	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\isilk.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\isilk.dll,#1
  2⤵
  PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download