5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f | Triage

Analysis

max time kernel
228s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 15:09

Sharing

Report Analysis Logs

General

Target

5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll
Size

3KB
MD5

91b8ebb8364e34a76c3dab0136aa2e66
SHA1

2119b8b7aadad37c8a653a13cef3748b5810fc6f
SHA256

5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f
SHA512

f0e3d605798df60b76039515c5b3e5a0d42a02f7453000e8c1272df7b9afd9cb64bcbb0abb8f9a2a6f3336b2e1f3ab920e79d93f6e5b23659071e72761b3f1ab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28
PID 580 wrote to memory of 1192	580	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f38c8263d65c04eceaf0451314f00cf40f93252e0e1db3393450563a20e581f.dll,#1
  2⤵
  PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1192-55-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download