59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:21

Sharing

Report Analysis Logs

General

Target

59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll
Size

3KB
MD5

76d49e836313b3fe70c2490ca4e848d0
SHA1

cdb924c6f7b00b2534d45162a34c0d5a165e5a1e
SHA256

59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa
SHA512

be20568969c5f245a60ee7d9cad93d9f441e4ea48e847d9a333dad0113a2de7c06140357b263e62deb329cffef7ad5bcabff4d9478d9e42ae12edcbe9ccbe4fc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27
PID 2024 wrote to memory of 980	2024	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll,#1
  2⤵
  PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-55-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download