1f22137a2fe224adb11eec1224e9eea9f97dfb7b72099a05b881d4ced5cfdf6e | Triage

Analysis

max time kernel
54s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 21:42

Sharing

Report Analysis Logs

General

Target

1f22137a2fe224adb11eec1224e9eea9f97dfb7b72099a05b881d4ced5cfdf6e.dll
Size

3KB
MD5

5baea4a56df2b72b66484d5fc400e980
SHA1

b5ede18fd6034213f800c7b1608db816229ff0b5
SHA256

1f22137a2fe224adb11eec1224e9eea9f97dfb7b72099a05b881d4ced5cfdf6e
SHA512

9ab9f81c07eb46e115e5a424df86cbfbb910957490f625dee32522dcea643061c901cb12f4a2ef56af8225cb334513f6599570f2df17a888b53b26c6e0495434

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28
PID 884 wrote to memory of 1740	884	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f22137a2fe224adb11eec1224e9eea9f97dfb7b72099a05b881d4ced5cfdf6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f22137a2fe224adb11eec1224e9eea9f97dfb7b72099a05b881d4ced5cfdf6e.dll,#1
  2⤵
  PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-54-0x0000000000000000-mapping.dmp

Download
memory/1740-55-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download