ad863050d95c57bb3ee42efcf5de780049cd90a5e91e43ada706d0bf55909e62 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad863050d95c57bb3ee42efcf5de780049cd90a5e91e43ada706d0bf55909e62.dll
Size

3KB
MD5

f9044fd3c86e8e66ff7c441126d85a36
SHA1

831e78424de250bf69353445b2b1149bd042f699
SHA256

ad863050d95c57bb3ee42efcf5de780049cd90a5e91e43ada706d0bf55909e62
SHA512

d9a20f866ede6dc6f8c9b3db21d507a67a3adf4accf6575ee16d245df5e9d4447f56fc63475215e0836b0979d9a43acd8146252cf5a9872fed8fb6e81de544d2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27
PID 868 wrote to memory of 552	868	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad863050d95c57bb3ee42efcf5de780049cd90a5e91e43ada706d0bf55909e62.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad863050d95c57bb3ee42efcf5de780049cd90a5e91e43ada706d0bf55909e62.dll,#1
  2⤵
  PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/552-55-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download