a58d3809acbf110e2835a65768ce44630def0030f1549b9eee1874e95a0fb080 | Triage

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 03:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a58d3809acbf110e2835a65768ce44630def0030f1549b9eee1874e95a0fb080.dll
Size

4KB
MD5

6ca3ceef6715fe90f9b51169a5a14f60
SHA1

2629ec16da13d1c9c686f01da63e8c1d130cdbaa
SHA256

a58d3809acbf110e2835a65768ce44630def0030f1549b9eee1874e95a0fb080
SHA512

789bc97ae71d5e026c2cabf52f7f8f93ec1bbaab1fee36ee004dda2dd99d9831013f3df60261acf5f7c152e5c4f32b7a563de94022ffce759eb16b8806f5b1ff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28
PID 536 wrote to memory of 1112	536	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a58d3809acbf110e2835a65768ce44630def0030f1549b9eee1874e95a0fb080.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a58d3809acbf110e2835a65768ce44630def0030f1549b9eee1874e95a0fb080.dll,#1
  2⤵
  PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download