f9a42cd766ccb205cc2c9b40ceeb19b59830bb83879c786979174d4ef82f59c1 | Triage

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:18

Sharing

Report Analysis Logs

General

Target

f9a42cd766ccb205cc2c9b40ceeb19b59830bb83879c786979174d4ef82f59c1.dll
Size

3KB
MD5

eeab5212aee55a2a890ce14cf06ed130
SHA1

1b11132ff9b394ec38bdbabb4b21d449aab06155
SHA256

f9a42cd766ccb205cc2c9b40ceeb19b59830bb83879c786979174d4ef82f59c1
SHA512

d3803305bdf866c228b5380eba2ba31a93d659f5a9feef4e83a5609b2e1f4b4cf820af05c8331036d01bc51243b4de273330055cca530d582f315fded82490d7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26
PID 1248 wrote to memory of 1120	1248	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a42cd766ccb205cc2c9b40ceeb19b59830bb83879c786979174d4ef82f59c1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a42cd766ccb205cc2c9b40ceeb19b59830bb83879c786979174d4ef82f59c1.dll,#1
  2⤵
  PID:1120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1120-54-0x0000000000000000-mapping.dmp

Download
memory/1120-55-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download