9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f | Triage

Analysis

max time kernel
40s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 22:42

Sharing

Report Analysis Logs

General

Target

9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
Size

4KB
MD5

ea35f854ca8a4588b63fc3157fb00d00
SHA1

b4a6a9effda93834a493107b033f9b78e4e5d1aa
SHA256

9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f
SHA512

1acaeadd8e46dfd70f1ed67c7bc5059a9b1164a14b8f63b4f7202aa3f326dabbafe0dd87e88304d22ea757e484ef49fbcb220e52f27b90f1fb45b6441977f804

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28
PID 2036 wrote to memory of 1972	2036	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
  2⤵
  PID:1972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-55-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download