bde4a070baec7523c3a63badb9bcead474184f5c8856060e08915777a447c537 | Triage

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:26

Sharing

Report Analysis Logs

General

Target

bde4a070baec7523c3a63badb9bcead474184f5c8856060e08915777a447c537.dll
Size

4KB
MD5

9d8e6d922a174a4678faa512cd5d2260
SHA1

80d03e0b5b5b565644f3530600f6ef0a9aa56f43
SHA256

bde4a070baec7523c3a63badb9bcead474184f5c8856060e08915777a447c537
SHA512

7b3ce1f7aa131b81c63bed9356bcbc8e79c31aab43bc68bef87d55f7c558fd2b1cbcd87e4c4e33fa17088426f23c98c30086895bd50e701cdd89fadc57b59c94

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26
PID 1968 wrote to memory of 1988	1968	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bde4a070baec7523c3a63badb9bcead474184f5c8856060e08915777a447c537.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bde4a070baec7523c3a63badb9bcead474184f5c8856060e08915777a447c537.dll,#1
  2⤵
  PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-55-0x0000000076141000-0x0000000076143000-memory.dmp

Filesize
8KB

Download