ac673823e25615c310dfb59413fd6facb170b34b67e85f9385e3208fc30e0e0b | Triage

Analysis

max time kernel
97s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac673823e25615c310dfb59413fd6facb170b34b67e85f9385e3208fc30e0e0b.dll
Size

3KB
MD5

6c949dc8810f0121bcddbbdc6f0bfad6
SHA1

c03d0065c0f034c90540f06241fddc146137ce96
SHA256

ac673823e25615c310dfb59413fd6facb170b34b67e85f9385e3208fc30e0e0b
SHA512

58b7fba43be4d0881f8033d6f2095d98f0180fbe4f92e6744e2c17b2872cb83e313b7963d0171b1aa9f0fe9e91493a2cd96b845fff12b8a7d5953523db0b2b20

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28
PID 1160 wrote to memory of 656	1160	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac673823e25615c310dfb59413fd6facb170b34b67e85f9385e3208fc30e0e0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac673823e25615c310dfb59413fd6facb170b34b67e85f9385e3208fc30e0e0b.dll,#1
  2⤵
  PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/656-55-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download