f37854451a2b06f896d814e1062caf2bb0896d6ff10c8a0cf01076ac63ef14ec | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 18:56

Sharing

Report Analysis Logs

General

Target

f37854451a2b06f896d814e1062caf2bb0896d6ff10c8a0cf01076ac63ef14ec.dll
Size

3KB
MD5

aa9613841bcaa99c5a5b238a69c459e0
SHA1

e3fa4931d0f7b330bc6dbd2d482e5aa5ba91d1c2
SHA256

f37854451a2b06f896d814e1062caf2bb0896d6ff10c8a0cf01076ac63ef14ec
SHA512

66e8043bc13ed8158eb75229bf7e84a05948e70d49bac58d26d0a62794f7dc512d4a36e78c2ddf3591a61a8af2d7b0199ad92a4713250c7f10b09c2bfe69cd2e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28
PID 288 wrote to memory of 748	288	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f37854451a2b06f896d814e1062caf2bb0896d6ff10c8a0cf01076ac63ef14ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f37854451a2b06f896d814e1062caf2bb0896d6ff10c8a0cf01076ac63ef14ec.dll,#1
  2⤵
  PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/748-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download