dd07d98f0029376790b566491ab825a1be0f39c588cacbf8b1a1d751992da4d0 | Triage

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 15:05

Sharing

Report Analysis Logs

General

Target

dd07d98f0029376790b566491ab825a1be0f39c588cacbf8b1a1d751992da4d0.dll
Size

3KB
MD5

6fff79107c54574911d54fa2209d2818
SHA1

4cf0e1628e00bd6e81b1a3519d104b4e2e103aba
SHA256

dd07d98f0029376790b566491ab825a1be0f39c588cacbf8b1a1d751992da4d0
SHA512

c0727b786e58dbcf26d76434f7a52ab8d9f2726a06e3a99f42ebb32187e07a0fbc57dd05505af1a0f7c788e137203e8732b12d0c7db158f77d45eb23014d6008

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27
PID 1500 wrote to memory of 1936	1500	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd07d98f0029376790b566491ab825a1be0f39c588cacbf8b1a1d751992da4d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd07d98f0029376790b566491ab825a1be0f39c588cacbf8b1a1d751992da4d0.dll,#1
  2⤵
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-55-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download