487903b99e03be33f7ad2e089a9185c89072b5c8d217976adca2cd9d45ed7eec | Triage

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:01

Sharing

Report Analysis Logs

General

Target

487903b99e03be33f7ad2e089a9185c89072b5c8d217976adca2cd9d45ed7eec.dll
Size

4KB
MD5

57c52f2473ec3072f6cc546bfc4e4e80
SHA1

0d93312a7b3a805bc07967cf48809e6312993345
SHA256

487903b99e03be33f7ad2e089a9185c89072b5c8d217976adca2cd9d45ed7eec
SHA512

1ad12fe76589df0b4a7aede3f74cdbeaa3db409e5e4bd450d3e6b0c84a62d545f558fc5f0bbb3e5b157b68cd12f97759d2125196556751152115cf7b1662ceb6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27
PID 112 wrote to memory of 1472	112	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\487903b99e03be33f7ad2e089a9185c89072b5c8d217976adca2cd9d45ed7eec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\487903b99e03be33f7ad2e089a9185c89072b5c8d217976adca2cd9d45ed7eec.dll,#1
  2⤵
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download