43631993bbf8cb519d5edcc12b203ca030cea319d17f7088ddbcc0ad4e17bd8b | Triage

Analysis

max time kernel
28s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 05:50

Sharing

Report Analysis Logs

General

Target

43631993bbf8cb519d5edcc12b203ca030cea319d17f7088ddbcc0ad4e17bd8b.dll
Size

4KB
MD5

8ef480e4796332369edcd2e860ba54e0
SHA1

e23d6d5355a45f571ba695925dfca6fee9a930f1
SHA256

43631993bbf8cb519d5edcc12b203ca030cea319d17f7088ddbcc0ad4e17bd8b
SHA512

8aa4222924bce0e3f9f838a1533b698ccca12a70cd4bc5a5428daf6cf6a38a515842066d0ce8de1f212ac1bbdf7ef21ae9910a8cd78a1b2cf926e85535d0d4a8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27
PID 1308 wrote to memory of 904	1308	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43631993bbf8cb519d5edcc12b203ca030cea319d17f7088ddbcc0ad4e17bd8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43631993bbf8cb519d5edcc12b203ca030cea319d17f7088ddbcc0ad4e17bd8b.dll,#1
  2⤵
  PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-55-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download