02f1df022f644c6581bdedb2e2b61bb128b469ca164d2637577692e45e369a07 | Triage

Analysis

max time kernel
18s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 06:58

Sharing

Report Analysis Logs

General

Target

02f1df022f644c6581bdedb2e2b61bb128b469ca164d2637577692e45e369a07.dll
Size

4KB
MD5

9b2c15e9a661ffcd1efd8b4ab5c68310
SHA1

2c31cdff8d0b20a2552f93a5ed272bc9bd7755ef
SHA256

02f1df022f644c6581bdedb2e2b61bb128b469ca164d2637577692e45e369a07
SHA512

753c103272c4b6031320187c21a6d0c922f4aa0b2745414c4d3ad23cfdea20b6152c5fea7a750c56ef826aa0d33c16baaee4f90bb783b60fa00d0486190b5d49

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28
PID 836 wrote to memory of 980	836	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02f1df022f644c6581bdedb2e2b61bb128b469ca164d2637577692e45e369a07.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02f1df022f644c6581bdedb2e2b61bb128b469ca164d2637577692e45e369a07.dll,#1
  2⤵
  PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-55-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download