a0a420059ff158ae9cd6b369c687263c31076534b3429711478117fda92dc9c3 | Triage

Analysis

max time kernel
21s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:47

Sharing

Report Analysis Logs

General

Target

a0a420059ff158ae9cd6b369c687263c31076534b3429711478117fda92dc9c3.dll
Size

3KB
MD5

88672e3668c58ccab63d95caf3a30861
SHA1

a02c40df3edd9d8efea7d914c8865fc8985089de
SHA256

a0a420059ff158ae9cd6b369c687263c31076534b3429711478117fda92dc9c3
SHA512

ba71cdedc0c1dc4f56e6a19ce721f5c353b4f8384fd85d114eb740cfea4e2f1fd2b6f32e5089beb0fce8a4cbea9d0ca30be199f0e24a4f027823ded8cf2cd1d9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28
PID 1144 wrote to memory of 1336	1144	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a420059ff158ae9cd6b369c687263c31076534b3429711478117fda92dc9c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0a420059ff158ae9cd6b369c687263c31076534b3429711478117fda92dc9c3.dll,#1
  2⤵
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-55-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download