da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d | Triage

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:14

Sharing

Report Analysis Logs

General

Target

da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll
Size

4KB
MD5

aae6f82733fd37acaeb90965bdd33190
SHA1

d90d4f1a4277a9c45f45cddbcd10bd87e34ea299
SHA256

da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d
SHA512

1bb741e845a9085866f26e2d54830be7ce7c7dd8cd24cb5432b34f410a4e635ef58a696650fdd346144b5cd683cf1cdcb1b2f7d9def1d3cbb5b4a58c4d4d3c16

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28
PID 1100 wrote to memory of 1832	1100	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll,#1
  2⤵
  PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download