bc1acc0cd998e6b671c54fdc2e42a9751929fd75d7a4c6989e9a05ac3e5a9b02 | Triage

Analysis

max time kernel
25s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bc1acc0cd998e6b671c54fdc2e42a9751929fd75d7a4c6989e9a05ac3e5a9b02.dll
Size

3KB
MD5

8e3f0f1fe6a98c649a84e8a1742f3650
SHA1

acb67517a5677ccb358043b58282613f8020e5b7
SHA256

bc1acc0cd998e6b671c54fdc2e42a9751929fd75d7a4c6989e9a05ac3e5a9b02
SHA512

e2c6ae2d9540213f4ae17bdb17d0117ff67abc682aff99588ba6e4a5b0290eca64f665438914d55a7bb32cafc41eb1aa9b2c4aeecda0e9b84cd0dc33a90d87a3

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28
PID 1236 wrote to memory of 1332	1236	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1acc0cd998e6b671c54fdc2e42a9751929fd75d7a4c6989e9a05ac3e5a9b02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc1acc0cd998e6b671c54fdc2e42a9751929fd75d7a4c6989e9a05ac3e5a9b02.dll,#1
  2⤵
  PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-55-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download