68d989aa469f7af6b0cbe7bfb0029770ea99305b123666caba7a5ac65a9bb17c | Triage

Analysis

max time kernel
99s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:56

Sharing

Report Analysis Logs

General

Target

68d989aa469f7af6b0cbe7bfb0029770ea99305b123666caba7a5ac65a9bb17c.dll
Size

3KB
MD5

ea5e8d440099cb8213445830dfa543e0
SHA1

ba65905b3e4c32ac687712d5dcf7d65302c8988c
SHA256

68d989aa469f7af6b0cbe7bfb0029770ea99305b123666caba7a5ac65a9bb17c
SHA512

b8b1c1368ac43e2e1807bf82bcd8f0ed090cd28745b90c58a5408ac389515cfc33e4d15776572b3f7c969def0bbdac84e0ae74bc4bead532c6aa7ac2eec07fc2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68d989aa469f7af6b0cbe7bfb0029770ea99305b123666caba7a5ac65a9bb17c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68d989aa469f7af6b0cbe7bfb0029770ea99305b123666caba7a5ac65a9bb17c.dll,#1
  2⤵
  PID:360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/360-55-0x0000000075151000-0x0000000075153000-memory.dmp

Filesize
8KB

Download