3890a87647e45a5065a327788566358793360d3cf44a9f3767d5cfeba322fd85 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 01:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3890a87647e45a5065a327788566358793360d3cf44a9f3767d5cfeba322fd85.dll
Size

3KB
MD5

feb3949335fb9ec33686d14a092152f0
SHA1

a2d81ee3b5af1fe138e97276032bd73b627eb853
SHA256

3890a87647e45a5065a327788566358793360d3cf44a9f3767d5cfeba322fd85
SHA512

c83c68fdfcee3eb8eb41ac77026ac7106471b2ea1216e2d822ea713201eebc05451e27848c14c8c129f4999bca295af6bcbcc824648c3c5dac40b3c22e7003c4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27
PID 1672 wrote to memory of 2016	1672	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3890a87647e45a5065a327788566358793360d3cf44a9f3767d5cfeba322fd85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3890a87647e45a5065a327788566358793360d3cf44a9f3767d5cfeba322fd85.dll,#1
  2⤵
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-55-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download