f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b | Triage

Analysis

max time kernel
72s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:04

Sharing

Report Analysis Logs

General

Target

f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll
Size

3KB
MD5

ec8922a583022ea0232ec2a503da62f0
SHA1

4f29e16a6561cf2aa868f9342dd827dd99a96e48
SHA256

f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b
SHA512

56259878bb8932d51ff40778bde05ecb76f1eacf6d229c9e74cf316a2c4b855513a8361899f0a3a7a07d007dc5a64a69019d7badf5fa569ae22ce3412f671f1e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28
PID 1172 wrote to memory of 2036	1172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f59111d88cd559b7ed421f69c7d45a88748d3eb939ff39e0ef37ab4ccb046d8b.dll,#1
  2⤵
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000075020000-0x0000000075028000-memory.dmp

Filesize
32KB

Download
memory/2036-57-0x0000000075010000-0x0000000075018000-memory.dmp

Filesize
32KB

Download
memory/2036-58-0x0000000075010000-0x0000000075018000-memory.dmp

Filesize
32KB

Download