ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:23

Sharing

Report Analysis Logs

General

Target

ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll
Size

3KB
MD5

9221ff0fefd8b92ef3796bf05c38a6e0
SHA1

94934973acc6db5cb1d4b4e305068978cfac090d
SHA256

ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe
SHA512

bae875cd5f88a3d903bff92aa18d3522ca75cdf331b1983ade89ed8aebe8b44d1b94c7bae38d94313c1f657f13bbeb5685b3067c21c3e7e2cdd5dd415ae8e2a0

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28
PID 1784 wrote to memory of 1036	1784	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c27a31a7e155df6c9b2ffc006464bbd81c6ceac1a07109fcb230d1ac59fe.dll,#1
  2⤵
  PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1036-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

Filesize
8KB

Download