f05f8cc61c47559633a8f1451cfb7c67be9bd17de7d61298252b322fb562e6b8 | Triage

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f05f8cc61c47559633a8f1451cfb7c67be9bd17de7d61298252b322fb562e6b8.dll
Size

4KB
MD5

b27c36a393b1d8a187758b1f2a538040
SHA1

f33674cd7dd7cb6edf812c7ca9d3737fb4b9932a
SHA256

f05f8cc61c47559633a8f1451cfb7c67be9bd17de7d61298252b322fb562e6b8
SHA512

b8a7bbdde34c3c8c0831e713371f682add233909ab3351b4d240a8628d436d9066048bea4a7545141deed8d91a99fea0272459faf0bf0d492c7df0fd81780c4e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28
PID 1392 wrote to memory of 1776	1392	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f05f8cc61c47559633a8f1451cfb7c67be9bd17de7d61298252b322fb562e6b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f05f8cc61c47559633a8f1451cfb7c67be9bd17de7d61298252b322fb562e6b8.dll,#1
  2⤵
  PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1776-55-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download