616dc0b88d8a40cda17fe66d16f736df8535034e6667e158749a435cb5a8bce1 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:49

Sharing

Report Analysis Logs

General

Target

616dc0b88d8a40cda17fe66d16f736df8535034e6667e158749a435cb5a8bce1.dll
Size

3KB
MD5

3de308e835027a6bbf57a5a141a3a71d
SHA1

25032701e132c63f5c0a4496928f959abacc1cb1
SHA256

616dc0b88d8a40cda17fe66d16f736df8535034e6667e158749a435cb5a8bce1
SHA512

6aad9fa72c5851414bc577da25892f5814cf8c4c76ba298cbab67977d6d209ce6191952720f3105fbc15cd1e15466366eb8a76fb2f82751f1b8bb6eca0912171

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27
PID 1480 wrote to memory of 284	1480	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\616dc0b88d8a40cda17fe66d16f736df8535034e6667e158749a435cb5a8bce1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\616dc0b88d8a40cda17fe66d16f736df8535034e6667e158749a435cb5a8bce1.dll,#1
  2⤵
  PID:284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/284-55-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download