a82950f595492af1190ad17d41edf4cd6acae06c3d10a50fd3aa953fe5648d70 | Triage

Analysis

max time kernel
23s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:18

Sharing

Report Analysis Logs

General

Target

a82950f595492af1190ad17d41edf4cd6acae06c3d10a50fd3aa953fe5648d70.dll
Size

3KB
MD5

69df3d119efe408686730b116f39f8b0
SHA1

c264be399729a177c631bbba86ddabe82b6d6614
SHA256

a82950f595492af1190ad17d41edf4cd6acae06c3d10a50fd3aa953fe5648d70
SHA512

166804f136e37a2bb3472d1dd10357d9192b9296dc0e390b0e6f72aa0b178bc36af8e28184ac3c295502d78b4643c345df93eb65d724251a46535f1222c2ca84

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28
PID 1952 wrote to memory of 1056	1952	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a82950f595492af1190ad17d41edf4cd6acae06c3d10a50fd3aa953fe5648d70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a82950f595492af1190ad17d41edf4cd6acae06c3d10a50fd3aa953fe5648d70.dll,#1
  2⤵
  PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1056-55-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download