ae16e8bf7f4560622cad007394a5b9874cafea8e0656f931af4ef22c60719394 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 22:31

Sharing

Report Analysis Logs

General

Target

ae16e8bf7f4560622cad007394a5b9874cafea8e0656f931af4ef22c60719394.dll
Size

3KB
MD5

19425267f0a477b2ddcbf62f9b8f9650
SHA1

7c927795e26c642bb9115c8f977431e2ffafad7c
SHA256

ae16e8bf7f4560622cad007394a5b9874cafea8e0656f931af4ef22c60719394
SHA512

600eabb82e80ff107a11f1c1e993c1f5b5bab49d523279141816e610ec57d2a13c10d35dc46db0c6ded76099bb4c9aa9890a2b45bf7931d1c360e24db96dc7a7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27
PID 1604 wrote to memory of 1156	1604	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae16e8bf7f4560622cad007394a5b9874cafea8e0656f931af4ef22c60719394.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae16e8bf7f4560622cad007394a5b9874cafea8e0656f931af4ef22c60719394.dll,#1
  2⤵
  PID:1156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1156-55-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download