8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f | Triage

Analysis

max time kernel
29s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 15:08

Sharing

Report Analysis Logs

General

Target

8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll
Size

3KB
MD5

c6bb5f347204f1abafc9d41f6b0b7477
SHA1

1921478208317a5dc108b0cb16a8f9aad97e6ac7
SHA256

8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f
SHA512

7080d557645f844dbf80dd8ac7a9798120080ef0cea4ae71002d09fa609ea2d3648e2f20d42f86edeb63760703c89292fc54a5b990942ceeb1d58acda664243f

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28
PID 2004 wrote to memory of 1892	2004	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8079798391ccb2afa987614390436c6918f15b2056aab80ef5aa8b03c530aa3f.dll,#1
  2⤵
  PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-55-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download