1fb0b53e2320aeb23edc0d641ed2ab788aa822c0458b630524c39cf551f22d3f | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:22

Sharing

Report Analysis Logs

General

Target

1fb0b53e2320aeb23edc0d641ed2ab788aa822c0458b630524c39cf551f22d3f.dll
Size

3KB
MD5

690ed24dd6f470088404153adf25ed80
SHA1

448ad0e237f9f6cbf232801a97ef4771326caa21
SHA256

1fb0b53e2320aeb23edc0d641ed2ab788aa822c0458b630524c39cf551f22d3f
SHA512

1a0b1e68e61c2940ca7279e01a54ecbd78d62ffa4e4cab427470b67556c5c5608db87c7e6bb0429b81a8aaf3e415979a8f3f126a0b537f11f6f339ca5168140b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27
PID 992 wrote to memory of 928	992	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb0b53e2320aeb23edc0d641ed2ab788aa822c0458b630524c39cf551f22d3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb0b53e2320aeb23edc0d641ed2ab788aa822c0458b630524c39cf551f22d3f.dll,#1
  2⤵
  PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/928-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download