5d9f2038276489d15bf1f2d74e024a91083ab0d7b552f9d58e8790b8163e4e2a | Triage

Analysis

max time kernel
4s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d9f2038276489d15bf1f2d74e024a91083ab0d7b552f9d58e8790b8163e4e2a.dll
Size

3KB
MD5

09de4ecc4b431bbc33dd15ba8c1149e0
SHA1

ff6dd75e0aa71ffffb3f4a3991f60324dbe11c1b
SHA256

5d9f2038276489d15bf1f2d74e024a91083ab0d7b552f9d58e8790b8163e4e2a
SHA512

dd1f15ae7eb464da7f72d5f1b5c355800afd8a5fcc5607a7e44e0628bd43747db5829702b22ab3b75be8fb3ed3d778647909f66efaeda09cdfbddf4d8991268a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27
PID 1352 wrote to memory of 1320	1352	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d9f2038276489d15bf1f2d74e024a91083ab0d7b552f9d58e8790b8163e4e2a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d9f2038276489d15bf1f2d74e024a91083ab0d7b552f9d58e8790b8163e4e2a.dll,#1
  2⤵
  PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-55-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download